A virus is a malicious program developed to infect vulnerable systems, gain administrative control and steal sensitive personal data. The attackers behind viruses have malicious intent and prey on users by tricking them. Viruses usually self-replicate by copying themselves into other programs; put differently, viruses spread by injecting their malicious executable code into other files or documents. A successful virus infection can damage the system, its resources and its software. A virus can also modify or delete key functions or applications, and copy, remove or encrypt data. There are two types of viruses: sophisticated viruses and polymorphic malware. Sophisticated viruses come with evasion capabilities to avoid detection by antivirus engines, while polymorphic malware lets a virus dynamically change its code as it spreads. The first known computer virus was developed in 1971 by Robert Thomas, an engineer at BBN Technologies, and was dubbed the Creeper virus. It was an experimental program that spread across ARPANET and displayed a message on infected screens:
I’m the creeper: Catch me if you can.
The first virus found in the wild was Elk Cloner, developed by Richard Skrenta in 1982. It infected the Apple OS through floppy disks and displayed a humorous message on infected Apple computers:
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
Interestingly, the earliest viruses were designed as pranks. Nowadays, however, the attackers behind computer viruses use them for malicious purposes, such as generating profit by tricking users.
Most common types of computer viruses
A virus is a type of malware that infects a system via its malicious code and multiplies by altering programs and applications. The system is therefore infected through replication of that code.
File infector viruses attach themselves to program files on the system, such as .com and .exe files. File infectors can also infect other files that are loaded for execution, such as .sys, .ovl, .mnu and similar files. Once the infected program is launched and loaded, the virus is loaded with it. File infectors can also arrive as a program or script attached to an email.
Macro viruses target the macro language commands in programs such as Microsoft Word. In Microsoft Word, for example, macros are keystrokes or commands embedded in or saved with a document. These viruses insert their malicious code into the legitimate macro sequences in a file. In recent years, attackers have used social engineering schemes that trick users into enabling macros. Microsoft added a new feature in Office 2016 to protect users against macro viruses: it lets security managers allow macro use only for trusted workflows.
Overwrite viruses are designed mostly to destroy file or application data. As the name suggests, an overwrite virus starts overwriting files with its own code after infecting the system. These viruses can target specific files and programs or systematically overwrite every file they infect. The overwrite virus spreads by installing new code in files and programs and then infecting additional files on the compromised system.
As mentioned above, polymorphic viruses can change and mutate their underlying code without altering their features and functions. In this way, polymorphic viruses avoid detection by antivirus and anti-malware engines. This type of virus is carefully crafted to evade detection and identification: once an antivirus engine detects a polymorphic virus, the virus modifies itself, and the engine can no longer detect it using the previous signature. More and more cybercriminals and attackers rely on polymorphic viruses.
Resident viruses implant themselves in system memory. In this case, the virus does not need to infect new files and programs. A resident virus can be removed from disk, but the copy stored in memory can still be activated once the operating system loads certain programs or features. These viruses can run unnoticed by antivirus engines because they hide in the system's RAM.
Rootkit viruses secretly infect the system by using a malicious rootkit. They allow the attackers behind them to gain full control of the infected system, for instance to modify or disable functions and programs. Rootkit viruses are very sophisticated and are created to avoid detection.
System or Boot-record Infectors
System or boot-record infectors infect executable code found in specific system locations. This type of virus attaches itself to USB thumb drives, the DOS boot sector on diskettes or the Master Boot Record on hard disks. Boot infectors are no longer as common or as dangerous as they used to be, since modern devices rely far less on physical storage media.
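As an added defender-side example (not code from the original article), the following Python parses the 512-byte Master Boot Record layout that boot-record infectors target, verifies the 0x55AA boot signature, and compares a hash of the boot-code region against a known-good baseline. The sample MBR bytes and the baseline hash are constructed in the block itself; in practice the baseline would be recorded from a trusted image.

```python
"""Added example: integrity check of a Master Boot Record image.
Sample MBR bytes are constructed below, not taken from a real disk."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the executable boot code
PARTITION_TABLE_OFF = 446    # four 16-byte partition entries follow
BOOT_SIGNATURE = 0xAA55      # stored little-endian as 0x55 0xAA at offset 510


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into boot code, partition entries and signature status."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    sig = struct.unpack_from("<H", mbr, 510)[0]
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + i * 16
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": mbr[:BOOT_CODE_LEN], "partitions": parts,
            "signature_ok": sig == BOOT_SIGNATURE}


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only (partition table may legitimately change)."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> list:
    """Return findings; an empty list means the MBR matches the trusted baseline."""
    findings = []
    info = parse_mbr(mbr)
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing or corrupted")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code hash differs from known-good baseline")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def sample_mbr() -> bytes:
    """Constructed clean MBR: dummy boot code, one bootable NTFS-type partition."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (BOOT_CODE_LEN - 3)
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    table = entry + b"\x00" * 48          # three empty entries
    return boot_code + table + struct.pack("<H", BOOT_SIGNATURE)
```

Recording `boot_code_hash()` of a trusted image and re-running `check_mbr()` on the live MBR flags any change to the boot-code region, which is exactly where a boot-record infector installs itself.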
Virus distribution methods
Different types of viruses spread using different methods. The following are the most common methods for each type of virus.
- Boot Sector Virus – mostly spreads through removable media.
- Direct Action Virus – also called a non-resident virus; it gets installed or stays hidden in system memory and remains attached to the type of file it infects.
- Resident Virus – gets installed on the system.
- Multipartite Virus – distributed using various methods; these viruses infect both the boot sector and executable files.
- Polymorphic Virus – capable of altering its signature pattern whenever it replicates.
- Overwrite Virus – commonly spread through email attachments.
- Spacefiller Virus – also known as a cavity virus, because it fills the empty space within a program's code.