Viruses (OBJ 2.4)

Introduction to Computer Viruses

A computer virus is made up of malicious code that executes on a machine without the user's knowledge, allowing it to infect the system every time it is run.

A common scenario involves downloading a video game from the internet. The installation file may contain malicious code.
When the user runs the installation program, the virus is installed on the machine, allowing it to initiate malicious activities, such as:
- Replicating across the network.
- Deleting critical files.
- Utilizing valuable computing resources.

This virus is stored in the first sector of a hard disk or solid-state device.
It loads into memory upon the computer's boot-up.
Difficult to detect, as it installs before the operating system starts.
Detection and removal require specific antivirus solutions, often executed from:
- A network anti-virus scanning engine.
- A Linux live boot disc.

Macros allow for code to be embedded in documents, causing the virus to execute when the document is opened.
Commonly found in:
- Microsoft Word documents
- Microsoft Excel spreadsheets
- Microsoft PowerPoint presentations
Although macros provide additional functionalities, they can be exploited by malicious entities to embed harmful code.
Social engineering techniques are often used to trick users into opening infected documents.

A program virus seeks to infect executable or application files.
Example: Once infected, applications like Microsoft Word reinfect the system every time they are opened.
The persistent nature of these viruses highlights the need for rigorous protection measures.

Combines characteristics of both boot sector and program viruses.
Can install itself in the boot sector and in an application, allowing for dual-layer persistence.
If a cybersecurity professional removes the compromised application, the boot sector infection may remain, leading to reinfection on reboot.

This virus hides its code by encrypting its malicious payloads, complicating detection.
Makes use of cipher text to remain undetected both by users and anti-virus software.
As anti-virus technologies advance, so do the methods adopted by malicious code creators.

An advanced version of an encrypted virus. It alters its own code during each execution.
The decryption module changes to evade detection by signature-based anti-virus applications.

Not a type in itself but a technique employed to avoid anti-virus detection.
Utilizes various evasion methods, such as:
- Encrypting its contents
- Modifying its payload
- Other techniques to bypass detection.

Features protective layers designed to confuse those analyzing the program.
Virus creators employ such tactics to facilitate spreading while evading detection by security systems.

Technically not a virus but a form of social engineering.
It aims to scare users into taking undesirable actions, such as:
- Following steps to “remove” a nonexistent infection, which may lead to actual malware installation.
An example of a hoax could be a pop-up claiming to be from Microsoft Tech Support, misleading users into believing their machine is infected.
Users should recognize that a hoax does not equate to an actual virus infection unless they comply with the misleading instructions.

A computer virus represents malicious code executed unknowingly by the user, capable of invoking various types of infections.
The 10 types of viruses (boot sector, macro, program, multipartite, encrypted, polymorphic, metamorphic, stealth, armored, and hoax viruses) serve as crucial categories in understanding malware.
In modern cybersecurity, viruses are increasingly sophisticated, often combining multiple categories to evade detection and enhance infection capabilities.