- Virus Definitions -
Viruses have many different names and are distributed in many different forms. The virus files that are circulating the Internet and infecting PCs all have unique names, and each virus can have multiple variations. There are also different categories of virus and threat, such as Trojans (see lower down the page), Spyware, Adware and other such dangers. All these threats that generally produce a damaging or detrimental effect on your computer come under the name of Malware, or Malicious Software. There are too many causes and effects to list, but definitions of the main culprits are given below.

VIRUS - A program that is created to attack other programs or software on a computer and designed to spread and infect other data on a computer. In this way computer viruses are not dissimilar to real world viruses. Computer viruses tend to be classified as a virus by their ability to infect a program and duplicate themselves whenever the virus program is run or accessed. The virus would then infect more data or software, replicate itself again when it is run or accessed, and keep going until it has overrun everything. A virus does not have to be malicious or damaging to be classed as a virus; it only needs the trait explained above. When a virus infects software it will modify it in some way, as specified by the virus producers when they wrote the programming code. Sometimes the virus will do nothing more than spread from PC to PC with no visible effects or reason to do so. Other viruses do have damaging effects, and what they unleash when they become active, whatever they have been designed and coded for, is called a 'payload'. Viruses might not unleash the payload until they have fulfilled a certain criterion, such as reaching a certain date or time, replicating a certain number of times, or receiving a command from a remote user via the Internet.

WORM - Worms are dedicated to spreading between computer networks via security holes and vulnerabilities. They can work over a LAN (Local Area Network) or WAN (Wide Area Network, such as the Internet) and don't need to attach themselves to any particular software or programs like a generic virus would. There are different types of worms, such as 'Host Worms' and 'Network Worms'. Host Worms spread from PC to PC, deleting any traces of themselves as they go, so there is only one copy of the particular worm at a time. This method decreases the chance of being found by Anti Virus software. The other type of worm is a Network Worm, which spreads from PC to PC in segments or divisions. Sometimes one of the segments could be classed as a 'brain' that controls the other tentacles, which spread in smaller segments through and across the network. A famous worm called CODE RED recently spread itself and, since its activation, replicated itself 250,000 times in just 9 hours on July 19th 2001. This virus did have a payload: at 00:00 on July 20th 2001 it was designed to have all instances of the virus simultaneously ping the White House server on a particular IP address, which would clog the White House computer systems up. Luckily this was detected before the virus could unleash the payload and the White House changed their IP address. This worm actually had the potential to slow the whole Internet down to a grinding halt, causing massive disruption to all computer systems, businesses, and markets relying on the Internet.

TROJAN - Trojans are usually disguised as a program of some description, and rely on the user to run or execute the installation. The Trojan may be a self contained exe file, or it can be hidden within a larger file that has a real purpose. Trojans are non replicating and are quite often very malicious, having almost instant payloads, and can allow high risk activities such as off-site hacking, controlling of the PC, spying and data gathering. Trojans are notoriously difficult to remove from a PC, employing stealth tactics to hide the core program, which many virus scanners cannot find. This results in the virus scanner encountering repeat attacks and preventing the program from running, but never removing the Trojan or cleaning the PC of it. Sometimes the Trojan will install instead of the software it pretends to be, and sometimes it may install both the Trojan and the desired program without your knowledge, similar to a companion virus. Trojans can also open up communications to the creators of the Trojan virus, or to groups of people who have the Trojan client program, or in some cases publish your details on the web for anyone to see. This information can be secure data on your computer, passwords entered into your PC or web sites on the Internet, or bank details. Trojans can also modify data on your machine without your knowledge, listen to and record your microphone conversations, and send spam emails from your mail address, meaning you can be black listed on world wide Internet servers.

- Types of Virus Threat -
FAST infecting viruses, when first executed, will load into the memory and infect any programs or files that are executed, as well as programs that are running in the background. For example, if you run the search utility on your PC, any file that comes into contact with the virus or is made known to it is a target, and an attempt to attack it will be made.

SLOW infecting viruses adopt a more subtle approach and will only attack files that are created or opened by the user specifically. This can sometimes fool the Anti Virus scanner into thinking the file change is a legitimate process actioned by the user and could be ignored by the scanner.

SPARSE infectors have a restrictive set of rules of infection. For example, one may only attack every 10th program run, or only attack files over a certain size. This minimises the chance of the virus being detected.

STEALTH viruses are very hard to remove once they have infected a machine. They modify the program or file they infect and replicate the original file onto itself in a kind of blanket so when Anti Virus software scans it, it looks legitimate. It does however need to copy itself into the memory which is when it may get intercepted by the Anti Virus software. This does not however remove the source of the problem which is why you may sometimes get repeat attacks on your computer and even though it has been cleaned, the same viruses attack multiple times.

COMPANION viruses delay the program the user is trying to run for long enough to deposit the payload, and then continue to run the desired program as if nothing ever happened. Virus scanners which search for modified files will not find anything wrong with the legitimate program, therefore decreasing the chance of the virus being found.

CAVITY viruses can look for a file in which dummy or unneeded information can be overwritten whilst keeping the original file size the same. The virus will then infect the file with no visible file size change. This makes it less likely the user will notice any difference, and the Anti-Virus scanners may not see any threats either.

TUNNELLING viruses can backtrack through the operating system code right back to the low level functions of the computer and install themselves there. This way they can execute 'underneath' the virus scanning software and have a degree of control over the Anti Virus program.

DROPPER programs are similar to Trojan horses in the way that the actual file that is carrying the virus is not infected itself and will not be detected by virus scanners, but once run the dropper will decompress or extract and install the virus onto the computer.

POLYMORPHIC viruses are made with a variety of methods and coding or encryption means and change as they infect other files. This makes it very tough for an Anti Virus scanner to successfully detect and remove one of these viruses as they are composed of varied parts making complete removal a very difficult task.

MUTATION ENGINE viruses are types of polymorphic viruses that can transform other viruses into real polymorphic viruses by changing their source code and programming. So if several small, relatively harmless viruses are installed on your machine, they have the potential to be mutated into severe viruses that are difficult to remove.
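
The CAVITY and COMPANION entries above both turn on what a "modified file" check can and cannot see. The following is an added example, not code from this site: a small integrity baseline that records a SHA-256 digest as well as the size of each file, so a same-size overwrite is reported and so is a file that was not there before. The file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (size, SHA-256 hex digest) for one file."""
    with open(path, "rb") as f:
        data = f.read()
    return len(data), hashlib.sha256(data).hexdigest()

def build_baseline(root):
    """Map relative path -> (size, digest) for every file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline

def compare(before, after):
    """Classify what changed between two baselines."""
    report = {"new": [], "missing": [], "size_changed": [], "same_size_modified": []}
    for path, (size, digest) in after.items():
        if path not in before:
            report["new"].append(path)
        elif before[path][0] != size:
            report["size_changed"].append(path)
        elif before[path][1] != digest:
            report["same_size_modified"].append(path)  # invisible to a size check
    report["missing"] = [p for p in before if p not in after]
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Constructed sample data: a fake program with a padding region."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "app.bin")
        with open(app, "wb") as f:
            f.write(b"HEADER" + b"\x00" * 64 + b"CODE")
        before = build_baseline(root)
        with open(app, "r+b") as f:  # overwrite padding, length unchanged
            f.seek(6)
            f.write(b"X" * 16)
        with open(os.path.join(root, "extra.bin"), "wb") as f:
            f.write(b"unexpected new file")  # a file that was not in the baseline
        return compare(before, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

A baseline like this is only trustworthy if it is taken from a known-clean system and stored where the monitored machine cannot rewrite it.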

- How Viruses Spread -
E-Mail attachments are a very common way of spreading viruses and worms. Looking at the e-mail and reading the text will not put your computer at risk from a virus attack, but viewing or opening the attachment does carry a large risk. It is never advisable to download anything or click on any links from an unexpected e-mail. It is also the recipient's responsibility to scan the e-mail attachment before opening.

Program installations are responsible for the distribution of Trojan viruses. The file that contains the Trojan may be a dummy file disguised as a game or software, and will install the Trojan without your knowledge. The file may also install the desired software along with the virus to disguise the fact that the file was infected.

System and Boot Record Infectors infect certain parts of the disk which are relied on to start up the low level functions, such as starting the operating system (Microsoft Windows). From there they can go on to infect any files involved in the start-up process, potentially corrupting Windows or spreading to otherwise unused areas of the disk. This method guarantees that the virus gets run or enabled without the fear of detection or removal. Fortunately this style of virus is not so common. Most of the boot sector viruses were transported by floppy disk when this was a common medium of data transportation. Due to technological advancements, today's CDs are more frequently used, and viruses cannot be transferred to a CD once it has been written.

- PC Disinfection Team -
The PC Disinfection team are based in Bristol in the United Kingdom. If you have a problem with a security threat, are concerned about your security level, or have any general questions that are not answered on this website, you can contact the PC Disinfection team and we will respond to you as soon as possible. Please see the contact details page for information on how you can contact us.

We can give you individual support on your problems by e-mail and if necessary, by phone or in person.
