Oftentimes, you hear reports of a computer virus outbreak, or malware outbreak on the news or from other sources. Unfortunately, most of these reports identify these malware incorrectly. We realize that news agencies aren’t IT security professionals. However, this multi-part article will properly define various malware. We will begin with the most common malware known as the VIRUS.
Before we begin, we need to define malware. Malware (Malicious Code) is a type of software designed to take over or damage a computer, without the user’s knowledge or approval.
VIRUS:
A virus is just one type of malware. It is a program that tries to damage a computer system and replicate itself to other computer systems. In order to spread, however, a virus requires a “replication mechanism”. In other words, it requires a host such as a document, picture, movie, game, etc.
Now, a key characteristic of a virus is that it only replicates or activates when an “activation mechanism” is triggered. For example, every time you open an infected file, or program, the virus activates.
Virus are typically programmed with some objective which is usually to destroy, compromise, or corrupt data on the system.
Now that we have defined a VIRUS, let’s talk briefly about the different kinds of viruses.
- A stealth virus resides in low-level system service functions where they intercept system requests and alter service outputs to conceal their presence.
- A multipartite virus is a combination of multiple attacks.
- A macro virus takes advantage of application programs that use macros (mini programs) to automate repetitive functions. A macro virus can infect the documents related to the program and then spread itself to other machines via the document. Macro viruses run when the file is opened. Some examples of programs that use macros are: Microsoft Office(Word, PowerPoint, Excel), OpenOffice (Writer, Calc, Impress), and many other Office programs and suites.
- A polymorphic virus mutates while keeping the original algorithm intact. When this virus gets on your system, it essentially creates mutations of itself in order to attempt to hide it’s presence on your system.
- A retro virus tries to destroy virus countermeasures by deleting key files that antivirus programs use. Think of this virus as an anti-anti-virus software.
- An armored virus is designed to make itself difficult to detect or analyze by covering itself with protective code. These types of viruses may also protect itself from antivirus programs, making it more difficult to trace. To do this, it tricks the antivirus program into believing its location is somewhere other than where it really is on the system.
- A companion virus attaches itself to a legitimate program and then creates another program with a different file extension. When the legitimate program runs, the companion virus executes instead of the real program.
- A phage virus rewrites your programs and infects all the files associated with that program. Its objective is usually to delete or destroy every program it infects.
Shew, that’s a lot of viruses. It’s sometimes very difficult to remove these viruses, so the best defense is prevention. Keep your systems updated with the latest patches for all software you run, and ensure you have the latest anti-virus software definition updates. This can be a daily job, especially if you have multiple systems. Alternatively, you can hire a computer support and maintenance company to keep things in check for you.
Stay tuned for our next article where we will cover the WORM type of malware and how to prevent infection. Or, you can subscribe to our newsletter using the form below and have our informative articles delivered to you via email once a week.