Trojan Horses - Like their namesake, these try to tempt or trick the user into activating the program themselves. They have innocent names, like ‘IMPORTANT.EXE’, ‘README.EXE’, ‘URGENT.EXE’, or appear to be a game or application. The user clicks on them and releases the payload.
Worm Viruses - Usually found on intranets or the Internet, these files gather information as they sit on the system, perhaps recording passwords or access codes as they are typed in, or leaving ‘back doors’ open, allowing for unauthorized access. Another type of worm virus is a file that just keeps replicating itself over and over. By constantly reproducing itself it can slow a computer or an entire network to a standstill.
All these types of miscreant software are often lumped together and called viruses, and a lot of viruses do contain these elements in some form or another. However, a true virus usually has a ‘host’ file. In other words, it can attach itself to a file already on your system. It has the ability to clone itself: it can reproduce itself and infect other files, drives and computer systems. Viruses can also hide themselves from detection in several different ways.
How Viruses Avoid Detection
Encryption - Virus detection programs look for programming code that allows programs to replicate or clone. This is one way that they search for and recognize possible viruses. Using encryption, virus programs can change from replication code and back, trying to avoid this type of detection.
Polymorphism - Another way that a virus can be detected is by its signature. Each virus has a signature, or a piece of code that is specific to that individual program. Virus detection programs look for these signatures when scanning the files on your drive. Polymorphic viruses are created with the ability to change their signature each time they clone or reproduce.
Stealth - Detection programs note the characteristics of files and watch for any changes, which might indicate infection. When a stealth virus infects a file, it can modify the characteristics of that file so that it still reports the same date, time, checksum, and size. It can also monitor the operating system’s calls for a file and remove itself temporarily, or load an uninfected copy of the file that it has made for just that purpose.
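An added example, not part of the original article: a small integrity checker in Python that records a file's size, modification time, a simple additive checksum and a SHA-256 digest, then re-checks a constructed file whose content has changed while the first three characteristics report the same values. The file name SAMPLE.EXE, the 16-bit additive checksum and the sample bytes are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def weak_checksum(data: bytes) -> int:
    """16-bit additive checksum (assumed here as the 'checksum' a simple checker stores)."""
    return sum(data) & 0xFFFF


def snapshot(path: str) -> dict:
    """Record the file characteristics a checker compares against later."""
    with open(path, "rb") as fh:
        data = fh.read()
    st = os.stat(path)
    return {
        "size": st.st_size,
        "mtime_ns": st.st_mtime_ns,
        "checksum": weak_checksum(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def changed_fields(baseline: dict, current: dict) -> list:
    """Return the names of the recorded characteristics that differ."""
    return sorted(k for k in baseline if baseline[k] != current[k])


def demo() -> list:
    """Constructed sample: content changes, but size, time and byte sum do not."""
    original = b"MZ" + bytes(range(64))  # constructed stand-in for a program file
    altered = bytearray(original)
    altered[10], altered[20] = altered[20], altered[10]  # same length, same byte sum
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "SAMPLE.EXE")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(original)
        baseline = snapshot(path)
        with open(path, "wb") as fh:
            fh.write(bytes(altered))
        # Put the recorded timestamp back, as the paragraph above describes.
        os.utime(path, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))
        return changed_fields(baseline, snapshot(path))


if __name__ == "__main__":
    print(demo())
```

The digest catches a change made on disk; it does not help when the virus intercepts the read and returns an uninfected copy, as described above.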
Viruses Targeted Mainly the Following
Boot Sector Viruses - These write themselves into the boot sector of a hard disk or floppy diskette. Every disk has a boot partition that contains coded information. The hard drive has a Master Boot Record that contains partition information as well as another boot record for the operating system. The boot sector on a bootable floppy disk contains the code necessary to load the operating system files. The boot sector on a non-systems disk contains the information that will display the message ‘Non-systems disk or disk error, remove and press any key when ready’. The boot sector of an infected floppy contains the coding that will infect the hard drive’s partition sector.
If an infected floppy is left in the drive at boot up, it loads the virus into memory and copies itself to the partition sector of the hard drive. Now, every time the computer is booted from the hard drive, the virus in