Viruses (OBJ 2.4)
Introduction to Computer Viruses
- A computer virus is made up of malicious code that executes on a machine without the user's knowledge, allowing it to infect the system every time it is run.
Real-World Example of Virus Infection
- A common scenario involves downloading a video game from the internet. The installation file may contain malicious code.
- When the user runs the installation program, the virus is installed on the machine, allowing it to initiate malicious activities, such as:
  - Replicating across the network.
  - Deleting critical files.
  - Utilizing valuable computing resources.
Types of Computer Viruses
- There are 10 different types of computer viruses:
  - Boot Sector Virus
  - Macro Virus
  - Program Virus
  - Multipartite Virus
  - Encrypted Virus
  - Polymorphic Virus
  - Metamorphic Virus
  - Stealth Virus
  - Armored Virus
  - Hoax Virus
1. Boot Sector Virus
- This virus is stored in the first sector of a hard disk or solid-state device.
- It loads into memory upon the computer's boot-up.
- Difficult to detect, as it installs before the operating system starts.
- Detection and removal require specific antivirus solutions, often executed from:
  - A network anti-virus scanning engine.
  - A Linux live boot disc.
2. Macro Virus
- Macros allow for code to be embedded in documents, causing the virus to execute when the document is opened.
- Commonly found in:
  - Microsoft Word documents
  - Microsoft Excel spreadsheets
  - Microsoft PowerPoint presentations
- Although macros provide additional functionalities, they can be exploited by malicious entities to embed harmful code.
- Social engineering techniques are often used to trick users into opening infected documents.
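A defender-side check for the macro case above, as an added example that is not part of the original notes: it inspects a file's container contents (not its extension) for an embedded VBA project. The function names and the sample archives are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def classify_office_file(data: bytes) -> str:
    """Return a coarse macro-risk label for the raw bytes of a document."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can carry macros; confirming needs an OLE stream parser.
        return "legacy-ole: inspect further"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not an Office container"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "zip, but not OOXML"
    # In OOXML files a VBA project is stored as a vbaProject.bin part (word/, xl/ or ppt/).
    if any(n.endswith("vbaproject.bin") for n in names):
        return "ooxml: VBA macro project present"
    return "ooxml: no VBA project"

def build_sample(parts: dict) -> bytes:
    """Build a constructed in-memory archive standing in for a document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples (placeholder contents, not real documents or macros).
CLEAN_DOCX = build_sample({"[Content_Types].xml": "<Types/>",
                           "word/document.xml": "<doc/>"})
MACRO_DOCM = build_sample({"[Content_Types].xml": "<Types/>",
                           "word/document.xml": "<doc/>",
                           "word/vbaProject.bin": b"placeholder"})

if __name__ == "__main__":
    samples = [("clean.docx", CLEAN_DOCX), ("macro.docm", MACRO_DOCM),
               ("legacy.doc", OLE2_MAGIC + b"\x00" * 504),
               ("notes.txt", b"plain text")]
    for label, blob in samples:
        print(f"{label:12} -> {classify_office_file(blob)}")
```

A "VBA macro project present" result means the document can run code when opened with macros enabled; it does not by itself mean the macro is malicious.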
3. Program Virus
- A program virus seeks to infect executable or application files.
- Example: Once infected, applications like Microsoft Word reinfect the system every time they are opened.
- The persistent nature of these viruses highlights the need for rigorous protection measures.
4. Multipartite Virus
- Combines characteristics of both boot sector and program viruses.
- Can install itself in the boot sector and in an application, allowing for dual-layer persistence.
- If a cybersecurity professional removes the compromised application, the boot sector infection may remain, leading to reinfection on reboot.
5. Encrypted Virus
- This virus hides its code by encrypting its malicious payloads, complicating detection.
- Makes use of ciphertext to remain undetected by both users and anti-virus software.
- As anti-virus technologies advance, so do the methods adopted by malicious code creators.
6. Polymorphic Virus
- An advanced version of an encrypted virus. It alters its own code during each execution.
- The decryption module changes to evade detection by signature-based anti-virus applications.
7. Metamorphic Virus
- Capable of completely rewriting itself before attempting to infect files.
- This makes it even more advanced than polymorphic viruses.
8. Stealth Virus
- Not a type in itself but a technique employed to avoid anti-virus detection.
- Utilizes various evasion methods, such as:
  - Encrypting its contents
  - Modifying its payload
  - Other techniques to bypass detection.
9. Armored Virus
- Features protective layers designed to confuse those analyzing the program.
- Virus creators employ such tactics to facilitate spreading while evading detection by security systems.
10. Hoax Virus
- Technically not a virus but a form of social engineering.
- It aims to scare users into taking undesirable actions, such as:
  - Following steps to “remove” a nonexistent infection, which may lead to actual malware installation.
- An example of a hoax could be a pop-up claiming to be from Microsoft Tech Support, misleading users into believing their machine is infected.
- Users should recognize that a hoax does not equate to an actual virus infection unless they comply with the misleading instructions.
Conclusion
- A computer virus is malicious code that runs without the user's knowledge and can cause various types of infections.
- The 10 types of viruses (boot sector, macro, program, multipartite, encrypted, polymorphic, metamorphic, stealth, armored, and hoax viruses) serve as crucial categories in understanding malware.
- In modern cybersecurity, viruses are increasingly sophisticated, often combining multiple categories to evade detection and enhance infection capabilities.