Introduction
The continuing growth in the number of internet users over the last 10 years has prompted a group of people to take up something that many find dangerous: they have decided to develop programs that make the computer useless! If you find out today that your PC has a virus, you will probably panic. And you will be right, because most of the 100,000 viruses these days are NOT something to laugh about!
What is a virus
A virus is a sequence of symbols that, when executed under certain circumstances or a certain operating system, creates an exact replica of itself, which it installs on the hard disk or diskette. The installation usually takes place inside a commonly used directory. A virus may also have a payload function, by which it damages the infected computer.
TYPES OF MALWARE
Trojan horses / Backdoor programs
They are the most infamous type of virus. They contain code that, once executed, leaves the host computer vulnerable to a malicious remote user. Hacker wannabes and "lamers" use these viruses to "hack" :P other users. But that's not all ... Some trojans and backdoors may delete important files from the hard disk, or even format it. They can't reproduce, and for this reason many do not even consider them "real" viruses.
Polymorphic
A polymorphic virus hides its destructive code within the infected file in several different ways. This type of virus is more difficult for antivirus programs to detect, since there is barely a common routine shared between virus samples.
Stealth viruses
They use the memory interrupts of the computer. Once a program calls a memory interrupt, the virus gets activated instead of the program itself. Stealth viruses perform one more function: they are capable of hiding from antivirus programs. Whenever they detect a scan by the antivirus program, they temporarily restore the original non-infected file, so that the antivirus program will believe that there are no viruses inside the system. Once the antivirus has finished its scan, they infect the file again. This method of hiding is often called "tunneling".
Parasitic (Appending viruses)
They are called parasitic because they infect the original file, copying the destructive code into it, without making the original file irreparable. Once the user executes the infected file, the virus is activated without letting the original function of the file execute.
Overwriting viruses
The simplest way for a virus to infect a computer is to merge itself with a well-known file. This way the original file CANNOT be restored. Some of these viruses are able to leave the original file size unaltered, so that some antivirus programs will not see any difference in the original file. Nevertheless, most coders do not make this type of virus anymore.
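Why a size comparison is not enough against an overwriting virus that preserves the file size, shown as an added example that is not part of the original article: a baseline that records a SHA-256 hash alongside the size still reports the file whose length did not change. The file names and placeholder bytes are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Record size and SHA-256 for every file under root, keyed by relative path."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            state[os.path.relpath(path, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def compare(baseline, current):
    """Classify each path; 'same-size change' is the case a size-only check misses."""
    findings = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings[path] = "new file"
        elif new is None:
            findings[path] = "missing"
        elif old[1] == new[1]:
            continue  # identical content, nothing to report
        elif old[0] == new[0]:
            findings[path] = "same-size change"
        else:
            findings[path] = "size change"
    return findings


def demo():
    """Constructed sample files filled with harmless placeholder bytes."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("edit.exe", b"A" * 64)
        write("chkdsk.exe", b"B" * 64)
        write("mem.exe", b"C" * 64)
        baseline = snapshot(root)
        write("edit.exe", b"X" * 64)    # overwritten, length preserved
        write("chkdsk.exe", b"Y" * 80)  # overwritten, length changed
        return compare(baseline, snapshot(root))
```

Take the baseline and run the comparison from a known-clean boot: the stealth viruses described above hand a scanner the original file, so a check run on the infected system can come back clean.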
Companion viruses
These viruses usually run under MS-DOS. When the user types a DOS command (e.g. "edit") and the file edit.exe is not present, the OS will execute the file edit.com, which really is the virus itself. Still, if the user types "edit", the OS will execute the virus (edit.com) and not edit.exe, which is the real editing program!
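A defender's check for the edit.com / edit.exe situation described above, as an added example that is not part of the original article: it resolves bare command names the way the MS-DOS command interpreter does (.COM before .EXE before .BAT, directories in search order) and reports every program that is hidden behind another file of the same name. The function names and the sample directory contents are constructed for the demonstration.

```python
import os
import tempfile

# Order in which the MS-DOS command interpreter tries extensions for a bare
# command name; .COM winning over .EXE is what a companion virus relies on.
DOS_PRECEDENCE = (".com", ".exe", ".bat")


def candidates(command, search_dirs):
    """Every file a bare command name could resolve to, in resolution order."""
    hits = []
    for directory in search_dirs:
        names = {n.lower(): n for n in os.listdir(directory)}
        for ext in DOS_PRECEDENCE:
            name = names.get(command.lower() + ext)
            if name:
                hits.append(os.path.join(directory, name))
    return hits


def find_shadowed(search_dirs):
    """Map each command to (file that runs, files it hides) when several match."""
    commands = set()
    for directory in search_dirs:
        for name in os.listdir(directory):
            stem, ext = os.path.splitext(name.lower())
            if ext in DOS_PRECEDENCE:
                commands.add(stem)
    report = {}
    for command in sorted(commands):
        hits = candidates(command, search_dirs)
        if len(hits) > 1:
            report[command] = (hits[0], hits[1:])
    return report


def demo():
    """Constructed sample: EDIT.EXE is the real editor, EDIT.COM sits beside it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("EDIT.EXE", "EDIT.COM", "FORMAT.COM", "README.TXT"):
            open(os.path.join(root, name), "wb").close()
        report = find_shadowed([root])
        return {cmd: (os.path.basename(winner), [os.path.basename(h) for h in hidden])
                for cmd, (winner, hidden) in report.items()}


if __name__ == "__main__":
    print(demo())
```

A reported pair is a lead to inspect, not proof of infection; compare the winning file's date, size and origin against the program it hides.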
Retro viruses
They are viruses that do nothing but "fight" a specific antivirus program, meaning that if they detect it on the hard disk, they will delete all of its components.
Logic bombs
They are viruses that activate on a certain trigger date, e.g. at 15.00 on the 11th of September. They have a destructive payload, such as deleting files.
Droppers
They are executable files that contain the proper commands to create a virus inside the PC but do not include a virus themselves. They are harder to detect than a normal virus.
Worms
They are called worms because they are usually found in computer networks. They use the Internet as a medium to spread (emails, IRC chat, etc.).
Boot sector viruses
These viruses infect the boot area of the hard disk or diskette. They are the ones to blame for most infections worldwide. You do not have to have an MS-DOS based OS on your PC to activate such a virus, since they do not make such ... discriminations. E.g. although the Michelangelo virus cannot spread using Windows NT, it can still wipe out the contents of the hard disk on March 6th!
Direct action viruses
These viruses just execute their destructive payload and are not memory resident.
Macro viruses
They are the well-known viruses that infect using a macro command. They harm only Word, Excel, Office, PowerPoint and Access files. They are very easy to spread. The most typical example you can find is Microsoft itself, which is believed to have had a macro virus inside the first edition of MS Office '97.
Multi Platform viruses
They are viruses that affect more than one operating system. Usually, a virus that affects Windows OS cannot harm an Apple PC.
Note: The above article was published in Net magazine (issue 06-2001) in exclusive cooperation with the webmaster of AntiVira.com; all copyrights belong to him and not to the specific magazine.