Types of malware.
- Types and Examples
There are several ways to categorise malware, some Antivirus manufacturers categorise them by the type of file they infect. One example of this is in the table below
I don't intend to be quite that logical here. What I intend to do is merely explain some of the words and expressions you are most likely to come across.
Controls and Applets - ActiveX and Java controls may soon be the scourge of computing. Most people do not know how to control there web browser to enable or disable the various functions like playing sound or video and so, by default, leave a nice big hole in the security by allowing Applets free run into their machine. Many security experts have expressed concern about the amount of power that JAVA imparts.
Boot viruses - Also called boot sector virus. These viruses infect floppy disk boot records or master boot records in hard disks. They replace the boot record program (which is responsible for loading the operating system in memory) copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting. Examples: Form, Disk Killer, Michelangelo, and Stoned virus
Program viruses -These infect executable program files, such as those
with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device
driver). These programs are loaded in memory during execution, taking the virus
with them. The virus becomes active in memory, making copies of itself and
infecting files on disk.
Multipartite viruses - A hybrid of Boot and Program viruses. They infect
program files and when the infected program is executed, these viruses infect
the boot record. When you boot the computer next time the virus from the boot
record loads in memory and then starts infecting other program files on disk.
Stealth viruses -These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file's size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.
Polymorphic viruses - A virus that can encrypt its code in different
ways so that it appears differently in each infection. These viruses are more
difficult to detect.
Macro Viruses - A macro virus is a new type of computer virus that
infects the macros within a document or template. When you open a word
processing or spreadsheet document, the macro virus is activated and it infects
the Normal template (Normal.dot)-a general purpose file that stores default
document formatting settings. Every document you open refers to the Normal
template, and hence gets infected with the macro virus. Since this virus
attaches itself to documents, the infection can spread if such documents are
opened on other computers.
Worm - A computer program that replicates itself and is self-propagating. The main difference between a worm and a virus is that viruses are intended to cause problems on stand-alone machines and attack boot sectors and files on the hard disk. Worms are specifically designed to permeate network environments. The most notorious worm was the Internet Worm of November 1988. It propagated itself on over 6,000 systems across the Internet.
Backdoor - A Backdoor is a program that opens secret access to systems, and is often used to bypass system security. A Backdoor program does not infect other host files, but nearly all Backdoor programs make registry modifications. Much fuss was made in Nov. 2001 when it was reported that antivirus software and fire wall manufacturers had created a backdoor for the FBI.