Types of malware.
- Types and Examples
There are several ways to categorise malware. Some antivirus
manufacturers categorise them by the type of file they infect. One example of
this is in the table below:
- Active X
- Boot sector viruses
- COM and EXE file infectors
- Executable and Link format
- Joke programs - JOKE
- Java malicious code - JAVA
- Macro viruses
- Trojan horses
- VBScript, JavaScript or HTML viruses
I don't intend to be quite that logical here. What I intend to do is
merely explain some of the words and expressions you are most likely to come
across.
Controls and Applets - ActiveX and Java controls may soon be the scourge
of computing. Most people do not know how to control their web browser to
enable or disable the various functions like playing sound or video and so, by
default, leave a nice big hole in the security by allowing Applets free run
into their machine. Many security experts have expressed concern about the
amount of power that JAVA imparts.
Boot viruses - Also called boot sector virus. These viruses infect
floppy disk boot records or master boot records in hard disks. They replace the
boot record program (which is responsible for loading the operating system in
memory), copying it elsewhere on the disk or overwriting it. Boot viruses load
into memory if the computer tries to read the disk while it is booting.
Examples: Form, Disk Killer, Michelangelo, and Stoned virus
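A defender's view of the behaviour described above, as an added example that is not part of the original page: it compares the boot code in sector 0 of a disk image with a known-good hash and, on a mismatch, searches the remaining sectors for a relocated copy of the original. The function names and the small disk images are constructed for illustration, and the code assumes the classic 512-byte master boot record layout (446 bytes of code, a 64-byte partition table, the 0x55AA signature).

```python
import hashlib

SECTOR = 512
BOOT_CODE_LEN = 446  # classic MBR: 446 bytes code + 64 partition table + 2 signature


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the boot-code area only, so partition edits do not alarm."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_boot_record(image: bytes, baseline_hash: str) -> dict:
    """Compare sector 0 with a known-good hash; on mismatch, look for the
    original boot code copied to another sector of the image."""
    if len(image) < SECTOR:
        raise ValueError("image is shorter than one sector")
    sector0 = image[:SECTOR]
    result = {
        "signature_ok": sector0[510:512] == b"\x55\xaa",
        "boot_code_matches": boot_code_hash(sector0) == baseline_hash,
        "relocated_at": [],
    }
    if not result["boot_code_matches"]:
        for n in range(1, len(image) // SECTOR):
            candidate = image[n * SECTOR:(n + 1) * SECTOR]
            if boot_code_hash(candidate) == baseline_hash:
                result["relocated_at"].append(n)
    return result


def make_sector(code: bytes) -> bytes:
    """Build a constructed boot sector: padded code, empty table, signature."""
    return code.ljust(BOOT_CODE_LEN, b"\x00") + bytes(64) + b"\x55\xaa"


# Constructed sample data (placeholder bytes, not real boot code).
ORIGINAL = make_sector(b"KNOWN-GOOD-LOADER")
BASELINE = boot_code_hash(ORIGINAL)
CLEAN_IMAGE = ORIGINAL + bytes(15 * SECTOR)
# Sector 0 replaced; the original was moved to sector 7.
MODIFIED_IMAGE = (make_sector(b"UNRECOGNISED-CODE") + bytes(6 * SECTOR)
                  + ORIGINAL + bytes(8 * SECTOR))

if __name__ == "__main__":
    print(check_boot_record(CLEAN_IMAGE, BASELINE))
    print(check_boot_record(MODIFIED_IMAGE, BASELINE))
```

An empty `relocated_at` list alongside a hash mismatch corresponds to the overwrite case, where no copy of the original boot record remains in the image.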
Program viruses - These infect executable program files, such as those
with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device
driver). These programs are loaded in memory during execution, taking the virus
with them. The virus becomes active in memory, making copies of itself and
infecting files on disk.
Examples: Sunday, Cascade
Multipartite viruses - A hybrid of Boot and Program viruses. They infect
program files and when the infected program is executed, these viruses infect
the boot record. When you boot the computer next time the virus from the boot
record loads in memory and then starts infecting other program files on disk.
Examples: Invader, Flip, and Tequila
Stealth viruses - These viruses use certain techniques to avoid
detection. They may either redirect the disk head to read another sector
instead of the one in which they reside or they may alter the reading of the
infected file's size shown in the directory listing. For instance, the Whale
virus adds 9216 bytes to an infected file; then the virus subtracts the same
number of bytes (9216) from the size given in the directory.
Polymorphic viruses - A virus that can encrypt its code in different
ways so that it appears differently in each infection. These viruses are more
difficult to detect.
Examples: Involuntary, Stimulate, Cascade, Phoenix,
Evil, Proud, Virus 101
Macro Viruses - A macro virus is a new type of computer virus that
infects the macros within a document or template. When you open a word
processing or spreadsheet document, the macro virus is activated and it infects
the Normal template (Normal.dot), a general purpose file that stores default
document formatting settings. Every document you open refers to the Normal
template, and hence gets infected with the macro virus. Since this virus
attaches itself to documents, the infection can spread if such documents are
opened on other computers.
Examples: DMV, Nuclear, Word Concept.
Worm - A computer program that replicates itself and is
self-propagating. The main difference between a worm and a virus is that
viruses are intended to cause problems on stand-alone machines and attack boot
sectors and files on the hard disk. Worms are specifically designed to permeate
network environments. The most notorious worm was the Internet Worm of November
1988. It propagated itself on over 6,000 systems across the Internet.
Backdoor - A Backdoor is a program that opens secret access to systems,
and is often used to bypass system security. A Backdoor program does not infect
other host files, but nearly all Backdoor programs make registry modifications.
Much fuss was made in Nov. 2001 when it was reported that antivirus software
and firewall manufacturers had created a backdoor for the FBI.