Everyone dreads being the recipient of a computer virus, but not everyone minds studying them. There are researchers who spend a lot of time looking into different types of computer viruses and related security threats in order to determine how they’re programmed, how they do damage, and how they spread. Personally, I find this field interesting, and I enjoy reading about the different types of viruses in existence.
But even if you don’t much care, basic knowledge about security threats can be useful. It’s sometimes hard to know how a risk must be dealt with before you know its consequences. With a computer virus, however, the consequence is sometimes complete loss of your data or identity theft – so it’s best to learn sooner rather than later!
Boot Sector Virus
The term ‘boot sector’ is a generic name that seems to originally come from MS-DOS but is now applied generally to the boot information used by any operating system. In modern computers this is usually called the ‘master boot record,’ and it is the first sector on a partitioned storage device.
Boot sector viruses became popular because of the use of floppy disks to boot a computer. The widespread usage of the Internet and the death of the floppy have made other means of virus transmission more effective.
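Because the master boot record is a single fixed-size sector, a defender can record what its boot code looks like and notice later changes. The sketch below is an added example, not part of the original article: it parses the classic 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries, a 0x55AA signature) and compares a hash of the boot code against a baseline. The sample sectors and the function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446       # bootstrap code area at the start of the sector
TABLE_OFFSET = 446        # four 16-byte partition entries follow the code
SIGNATURE_OFFSET = 510    # the last two bytes must be 0x55 0xAA
ENTRY_FORMAT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        start = TABLE_OFFSET + 16 * slot
        status, ptype, lba_start, sectors = struct.unpack(
            ENTRY_FORMAT, sector[start:start + 16])
        if ptype != 0:  # partition type 0 marks an unused slot
            partitions.append({"slot": slot, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": boot_hash, "partitions": partitions}


def boot_code_changed(baseline: dict, current: dict) -> bool:
    """True when the bootstrap code differs from the recorded baseline."""
    return baseline["boot_code_sha256"] != current["boot_code_sha256"]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable partition of type 0x07 at LBA 2048."""
    entry = struct.pack(ENTRY_FORMAT, 0x80, 0x07, 2048, 204800)
    table = entry + bytes(48)  # the remaining three slots are empty
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + b"\x55\xaa"


if __name__ == "__main__":
    baseline = parse_mbr(build_sample_mbr(b"\xeb\x3c\x90 constructed loader"))
    current = parse_mbr(build_sample_mbr(b"\xeb\x3c\x90 constructed l0ader"))
    print(baseline["partitions"])
    print("boot code changed:", boot_code_changed(baseline, current))
```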
Browser Hijacker
This type of virus, which can spread itself in numerous ways including voluntary download, effectively hijacks certain browser functions, usually in the form of re-directing the user automatically to particular sites. It’s usually assumed that this tactic is designed to increase revenue from web advertisements.
There are a lot of such viruses, and they usually have ‘search’ included somewhere in their description. CoolWebSearch may be the most well known example, but others are nearly as common.
Direct Action Virus
This type of virus, unlike most, only comes into action when the file containing the virus is executed. The payload is delivered and then the virus essentially becomes dormant – it takes no other action unless an infected file is executed again.
Most viruses do not use the direct action method of reproduction simply because it is not prolific, but viruses of this type have done damage in the past. The Vienna virus, which briefly threatened computers in 1988, is one such example of a direct action virus.
File Infector Virus
Perhaps the most common type of virus, the file infector takes root in a host file and then begins its operation when the file is executed. The virus may completely overwrite the file that it infects, or may only replace parts of the file, or may not replace anything but instead re-write the file so that the virus is executed rather than the program the user intended.
Although called a ‘file virus’, the definition doesn’t apply to all viruses in all files generally – for example, the macro virus described below is not considered a file virus. Instead, the definition is usually meant to refer only to viruses which use an executable file format, such as .exe, as their host.
Macro Virus
A wide variety of programs, including productivity applications like Microsoft Excel, provide support for Macros – special actions programmed into the document using a specific macro programming language. Unfortunately, this makes it possible for a virus to be hidden inside a seemingly benign document.
Macro viruses vary widely in terms of payload. The most well known macro virus is probably Melissa, a Word document supposedly containing the passwords to pornographic websites. The virus also exploited Word’s link to Microsoft Outlook in order to automatically email copies of itself.
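One practical check before opening a document is whether it carries macros at all. The following added example (not from the original article) inspects modern zip-based Office files for an embedded VBA project and flags the case where macros sit in a file whose extension claims to be macro-free. The function names and sample files are constructed for illustration, and older binary formats such as the Word format Melissa used are outside its scope.

```python
import io
import zipfile

# Extensions that are meant to hold documents without macros.
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")


def has_vba_project(data: bytes) -> bool:
    """True if a zip-based Office file embeds a VBA macro project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False  # legacy binary formats (.doc, .xls) are not handled here
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(name.lower().endswith("vbaproject.bin")
                   for name in zf.namelist())


def triage(filename: str, data: bytes) -> str:
    """Classify a document by macro presence and extension mismatch."""
    if not has_vba_project(data):
        return "no-macros"
    if filename.lower().endswith(MACRO_FREE_EXTENSIONS):
        # Macros inside a macro-free extension: a mismatch worth a closer look.
        return "macros-in-macro-free-extension"
    return "macros-present"


def build_sample(with_macros: bool) -> bytes:
    """Constructed stand-in for a Word file; the VBA part is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage("report.docx", build_sample(False)))
    print(triage("report.docm", build_sample(True)))
    print(triage("report.docx", build_sample(True)))
```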
Multipartite Virus
While some viruses are happy to spread via one method or deliver a single payload, Multipartite viruses want it all. A virus of this type may spread in multiple ways, and it may take different actions on an infected computer depending on variables, such as the operating system installed or the existence of certain files.
Polymorphic Virus
Another jack-of-all-trades, the Polymorphic virus actually mutates over time or after every execution, changing the code used to deliver its payload. Alternatively, or in addition, a Polymorphic virus may guard itself with an encryption algorithm that automatically alters itself when certain conditions are met.
The goal of this trickery is evasion. Antivirus programs often find viruses by the specific code used. Obscuring or changing the code of a virus can help it avoid detection.
Resident Virus
This broad virus definition applies to any virus that inserts itself into a system’s memory. It then may take any number of actions and run independently of the file that was originally infected.
A resident virus can be contrasted with a direct action virus, which does not insert itself into the system’s memory and therefore only takes action when an infected file is executed.
Web Scripting Virus
Many websites execute complex code in order to provide interesting content. Displaying online video in your browser, for example, requires the execution of a specific code language that provides both the video itself and the player interface.
Of course, this code can sometimes be exploited, making it possible for a virus to infect a computer or take actions on a computer through a website. Although malicious sites are sometimes created with purposely infected code, many such cases exist because of code inserted into a site without the webmaster’s knowledge.