Sunday, December 28, 2014

Classification of computer Virus.

 Classification of Virus

1. Boot sector viruses
2. Companion viruses
3. Email viruses
4. Logic bombs and time bombs
5. Macro viruses
6. Cross-site scripting virus
7. File virus

Two other types of malware are often classified as viruses, but are actually forms of distributing malware:

8. Trojan horses
9. Worms

Boot sector viruses
A boot sector virus alters or hides in the boot sector, usually the first sector, of a bootable disk or hard drive. Boot sector viruses were prevalent in the 1980s.

Boot sector infectors: Also sometimes called boot record infectors, system viruses, or boot viruses, these programs attack the vulnerable boot program that is stored on every bootable floppy disk or hard disk. This code is executed by the system when the PC is started up, making it a juicy target for virus writers: by installing themselves here they guarantee that their code will be executed whenever the system is started up, giving them full control over the system to do what they wish. They are spread most commonly through infected bootable floppy disks.

Companion viruses
A companion virus does not have host files per se, but exploits MS-DOS. A companion virus creates new files (typically .COM, but other extensions such as “.EXD” can also be used) that have the same file names as legitimate .EXE files. When a user types in the name of a desired program without specifying a file extension such as “.EXE”, DOS will assume he meant the file with the extension that comes first in alphabetical order and run the virus. For instance, if a user had “(filename).COM” (the virus) and “(filename).EXE” and the user typed “filename”, he will run “(filename).COM” and run the virus. The virus will spread and do other tasks before redirecting to the legitimate file, which operates normally. Some companion viruses are known to run under Windows 95 and on DOS emulators on Windows NT systems. Path companion viruses create files that have the same name as the legitimate file and place new virus copies earlier in the directory paths. These viruses have become increasingly rare with the introduction of Windows XP, which does not use the MS-DOS command prompt.
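
A defender-side check for the two placements described above, as an added example (not code from the original post): it flags a .COM file sitting beside a same-named .EXE, and a same-named program in an earlier search-path directory. The directory names and file listings are constructed sample data; a match is a lead for review, since legitimate software can also ship duplicate names.

```python
from pathlib import PureWindowsPath

EXEC_EXTS = {".COM", ".EXE"}

# Constructed sample: directories in search-path order, each with its file listing.
SAMPLE_PATH = [
    (r"C:\UTIL", ["BACKUP.COM", "NOTES.TXT"]),
    (r"C:\APPS", ["BACKUP.EXE", "REPORT.EXE", "REPORT.COM", "LEDGER.EXE"]),
]

def split_name(filename):
    """Return (base name, extension), upper-cased as DOS treats names."""
    p = PureWindowsPath(filename.upper())
    return p.stem, p.suffix

def same_dir_companions(listing):
    """Return (com_file, exe_file) pairs that share a base name in one directory."""
    by_stem = {}
    for name in listing:
        stem, ext = split_name(name)
        by_stem.setdefault(stem, {})[ext] = name
    return sorted((exts[".COM"], exts[".EXE"])
                  for exts in by_stem.values()
                  if ".COM" in exts and ".EXE" in exts)

def path_companions(path_dirs):
    """Return (earlier_file, shadowed_file) pairs for base names repeated along the path."""
    first_seen = {}  # base name -> full path of its first occurrence in search order
    hits = []
    for directory, listing in path_dirs:
        local = {}
        for name in listing:
            stem, ext = split_name(name)
            if ext in EXEC_EXTS:
                local.setdefault(stem, []).append(name)
        for stem, names in local.items():
            if stem in first_seen:
                hits += [(first_seen[stem], directory + "\\" + n) for n in names]
            else:
                # .COM sorts before .EXE, matching the file that would run first
                first_seen[stem] = directory + "\\" + sorted(names)[0]
    return hits

if __name__ == "__main__":
    for directory, listing in SAMPLE_PATH:
        for com, exe in same_dir_companions(listing):
            print(f"{directory}: {com} sits beside {exe}")
    for earlier, shadowed in path_companions(SAMPLE_PATH):
        print(f"{earlier} is found before {shadowed}")
```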

Email viruses
An E-mail virus is a virus which uses e-mail messages as a mode of transport. These viruses often copy themselves by automatically mailing copies to hundreds of people in the victim’s address book.

Logic bombs and time bombs
A logic bomb employs code that lies inert until specific conditions are met. The resolution of the conditions will trigger a certain function (such as printing a message to the user and/or deleting files). An example of a logic bomb would be a virus that waits to execute until it has infected a certain number of hosts. A time bomb is a subset of logic bomb, which is set to trigger on a particular date and/or time.

Macro viruses
The newest type of virus, these clever programs make use of the built-in programming languages in popular programs such as Microsoft Word and Microsoft Excel. These programs allow users to create programs that automate tasks, called macros. As the macro languages have become more powerful, virus writers have created malevolent macros that, when opened unwittingly, duplicate themselves into other documents and spread just like a conventional virus would. These programs can cause just as much damage as regular viruses, despite the fact that they are very different: regular viruses are low-level machine language programs, while macro viruses are actually high-level interpreted BASIC programs.

A macro virus, often written in the scripting languages for Microsoft programs such as Word and Excel, is spread in Microsoft Office by infecting documents and spreadsheets.

Cross-site scripting virus
A cross-site scripting virus (XSSV) is a type of virus that utilizes cross-site scripting vulnerabilities to replicate. An XSSV is spread between vulnerable web applications and web browsers, creating a symbiotic relationship.

File virus
These viruses directly attack and modify program files, which are usually .EXE or .COM files. When the program is run, the virus executes and does whatever it wants to do. Usually it loads itself into memory and waits for a trigger to find and infect other program files. These viruses are commonly spread through infected floppy disks, over networks, and over the internet.

Trojan horses
Trojan horses are imposter files that claim to be something desirable but, in fact, are malicious. Rather than insert code into existing files, a Trojan horse appears to do one thing (install a screen saver, or show a picture inside an e-mail, for example) when in fact it does something entirely different, and potentially malicious, such as erase files. Trojans can also open back doors so that computer hackers can gain access to passwords and other personal information stored on a computer.
Although often referred to as such, Trojan horses are not viruses in the strict sense because they cannot replicate automatically. For a Trojan horse to spread, it must be invited onto a computer by the user opening an email attachment or downloading and running a file from the Internet, for example.
A Trojan horse is any program that, once run, does something that the user doesn’t want or request. The program doesn’t necessarily infect other files or spread to other systems; it does something other than what it is supposed to. Some people think of viruses as a special form of Trojan horse: one that can infect other files (thus turning them into Trojan horses) and duplicate itself. Trojan horses are sometimes just called “Trojans” for short.

Worms
A worm is a piece of software that uses computer networks and security flaws to create copies of itself. A copy of the worm will scan the network for any other machine that has a specific security flaw. It replicates itself to the new machine using the security flaw, and then begins scanning and replicating anew.
Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually the worm will release a document that already has the “worm” macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm. Mydoom is an example of a worm.
A worm is a program that is self-contained and when run, has the ability to spread itself to other systems. In essence, a worm is a virus that doesn’t infect other programs. Instead, it acts independently, seeking to spread to other computers connected to its current host. Since they do not infect programs or boot sectors, they are much less frequently encountered than viruses. They tend to spread over network connections. They can have other undesirable effects when run.
Note: The acronym “WORM” is also used as a short form for “write once, read many”, a storage technology that is used by devices such as CD-R drives. The concepts are totally unrelated.