This article's aim is to offer readers basic knowledge about computer viruses and confidence in protecting their computers. An important thing to keep in mind is that viruses can infect anything in your computers at anywhere, anytime.
Boot Sector Viruses
When your computer boots, a code in its boot disk will be executed. This code loads the operating system (Windows, Linux or Unix...). Only when this loading process is finished, can you use your computer. The code is called "Boot sector" and often stays at the very first sectors of the boot disk.
Viruses that infect Boot sector are called Boot sector viruses. These viruses are executed every time the infected computer boots and they are loaded even earlier than the operating system.
Nowadays, we can rarely see boot sector viruses around. The reason is just simple that their spread ability is too low and no longer compatible with the Internet age. However, Boot sector viruses are still a part of virus history.
A program/file infector attempts to infect the program files,most are in Windows, with extensions such as .com, .exe, .bat, .pif, .sys, etc. It gets activated along with the execution of executable files containing virus. The virus then loads itself into memory and replicates itself to other executable files when these files are run.
However, this kind of virus no longer appears or spreads on large scale.
If your computer is infected by File viruses, scan your hard disks with the latest updated AV program and contact the producer for advice and support.
Macro viruses infect document files (Microsoft Word), spreadsheet files (Microsoft Excel) or presentation files(Microsoft Power Point) of Microsoft Office suite. The codes programmed to supply more functions to Microsoft Office files are called macros. We can program a certain input sequence into a macro, and every time we use a programmed one, it will be instantiated into a specific output sequence. This helps users in doing repeated works.
Nowadays, marco viruses seem to be "extinct", and macros are no longer used in common . An deleting option namely "All Macros" is available in Bkav. When you tick this option, Bkav will delete all available macros in your computer, regardless of whether they are viruses or not (all macros and macro viruses are deleted). If you are not using macros or even don't care what macros are, you should tick it. Then, all old and new macro virus problems in your computer will be solved. If using marcos for work, you should untick it (Bkav will then delete macros viruses only).
The Horse of Troy – Trojan Horse
The term comes from a classic reference about the war between the Greeks and people in the city of Troy. The city of Troy was such a fortified citadel that the Greeks could not find a way to occupy it. The Greeks then found out a stratagem. They pretended to withdraw, leaving a huge wooden Horse at the city of Troy. The Horse was pulled into the city by the Trojans. That night the Greeks crept out of the Horse and occupied the city from the inside.
It is the stratagem that computer Trojans use. A Trojan horse (or Trojan)distinguishes from other viruses by its total non-replicability. By seducing the targeted user to run his program, or merging his Trojan with viruses (specially worms), the Trojan programmer has his Trojan penetrated and installed on the targeted computer . Then, the hacker uses his Trojan for stealing important information such as credit card numbers, passwords, etc or erasing data if it is programed.
Besides traditional stealing data Trojan horses, there are new defined Trojans for some specialized purposes :
Backdoor: Backdoor Trojans differ from other Trojans in that, after the installation, it opens a backdoor which allows hacker to remotely controlyour system and to send requests to his Trojan.
Adware and Spyware: They disturb users by attempting to change their browsers' default homepage or search page and flooding their systems with mass pop-ups. They penetrate computers when users unintentionally "visit" erotic or software cracking websites, etc. Adwares and spywares are also merged into untrusted free softwares or crack/keygen files.
Worms have the most massively and rapidly spreading ability at the time. They combine virus' destructive power and Trojans' silent stratagem. Those abilities have made worms the destroyers with ultramodern weapons. Two noticeable worm samples are Mellisa and Love Letter which paralyzed various server systems and blocked Internet connection lines.
Worms, at first, were denoted as replicable viruses by sef-interacting with the user's email program and sending themselves to addresses in the address book.
These addresses are often of the users' friends, relatives, customers, etc. It is dangerous that worms may forge email addresses of the users or anyone else. Moreover, worms often insert hot or attractive news into email messages for seducing receivers to open the attached files. Some worms even use the real mail contents from the user's address book to make the fake ones, which seem to be more "real", to cheat the receivers. Worms do these things without the users' knowledge. The same processes are repeated on receivers' computers. Thus, worms can spread at geometric progression all over the world. This explains how Mellisa and Love Letter could infect millions of computers in a few hours. The name "Worm" gives us an imagination of computer viruses "crawling" from this computer to other ones on Internet "tree branches".
With such a wide and rapid infection, worms are often integrated with some special abilities, such as setting time for zombie computers (millions of computers) to perform a flat attack to an address. Besides, worms can bring and drop some backdoors on the user's computer, allowing hackers to make unauthorized access and do anything they want.
Nowadays, the term "Worm" is extended to include viruses infected through "peer to peer" network, USB drives or chat services and specially viruses infected through software vulnerabilities. Softwares (specially operating systems and services included) often have potential vulnerabilities (such as buffer overflow vulnerability) which are not easy to find out. Once a vulnerability is found out, soon after, new worms exploiting it appear. These worms infect some computers and then crawl from infected ones to others.
A rootkit is a software system that consists of one or more programs designed to obscure the presence of processes and files that the hacker wants.
A rootkit has the ability to obscure processes, files and data in registry (to Windows), making popular system tools such as "Registry Editor", "Task Manager", "Find Files" unable to detect these files and processes.
Besides, a rootkit can log the Internet connection figures, track the keys struck (as a keylogger). Rootkits may be used for good purposes, but in many cases they considered as Trojans for their behaviors such as sniffing or obscuring malicious processes.
Basing on their activity level in the systems, there are two main kinds of rookits:
Rookits at application level: These rootkits work as normal applications such as Microsoft Word and Excel. They often apply some functions such as hooking, code injection, file faking... to interfere with other applications and obscure processes, files, registry, etc.
Rootkits at kernel level: These rootkits work as kernel drivers such as graphic controller or sound controller. They work at low level in the system, thus, have powerful interference in the system.
It is extremely hard for a normal user to detect the Rootkit working in the data/system memory. In this case, the user should seek professors' supports.
If your computer has unusual incidents or signs of viruses, but your virus scanning processes and Task Manager can detect nothing, your computer may have been infected with Rootkit. You should contact Internet security centers for professional advices.
We have told you some brief information about history and classification of viruses in order to offer you a correct view about computer viruses. We hope they would help you in protecting your computers from viruses.