A computer virus is defined as a malicious program or piece of code that self-replicates and in the process spreads itself to other executable files (Torres, 2017). Viruses are capable of corrupting system files, destroying data and wasting essential computer resources like Random Access Memory and storage space (Torres, 2017). Viruses can be spread through removable media, networks, emails, and downloads from the internet. Viruses can be classified based on how they infect the computer. Types of viruses include boot-sector viruses, file viruses, macro viruses, script viruses, email viruses, direct action viruses, memory resident viruses, non-resident viruses, polymorphic viruses, multipartite viruses, stealth viruses, sparse infector viruses, companion viruses, cavity viruses, armored viruses, and overwriting viruses.
Boot-sector viruses primarily infect the master boot record, so they load alongside the operating system during start-up (Torres, 2017). They interfere with the booting process and data retrieval, and can even delete partitions, making computers unstable. Boot-sector viruses spread through physical media. An example of a boot-sector virus is the Stoned-Marijuana virus. In contrast, file viruses, or file-infecting viruses, target executable files with the aim of permanently destroying them or rendering them unusable. A file-infecting virus replaces existing code with infectious code in an executable file (Torres, 2017).
Macro viruses infect macros, usually those associated with data files such as Word documents and Excel spreadsheets (Sebastian, 2013). A macro is a set of commands used to automate tasks within an application (a software program). Macro viruses can imitate harmless macros to perform a sequence of operations without the knowledge of the computer user. A classic example of a macro virus is Melissa, which opened Microsoft Outlook, accessed the user’s email address book and subsequently sent email copies of itself to the first fifty contacts found (Torres, 2017). The difference between script viruses and macro viruses isn’t very clear. However, script viruses are commonly found in web pages and are executed when a user visits infected websites or opens infected email file attachments.
Email viruses are spread by opening a file attached to an email or by opening an email whose body has been infected. An infamous email virus is the “I love you” virus. Direct action viruses embed themselves into specific files, commonly EXE or COM files, and propagate from there. After executing their functions, they self-delete. Direct action viruses are the most common type of virus. They are effortlessly created and the easiest to remove from computers. A well-known direct action virus is the Vienna virus, which searches for .com files and destroys vulnerable ones in the process of infecting them (Torres, 2017).
Memory-resident viruses stay in the computer’s random-access memory, which makes them quite dangerous: they are difficult to detect and continue to work even if their source has been neutralized. A notable memory-resident virus is the Jerusalem virus (also known as the Friday 13th virus), which concealed itself in the computer’s RAM and proceeded to delete programs on Friday the 13th while inflating the sizes of infected programs until they were impossible to run (Torres, 2017). Another type of virus is the non-resident virus, which actively searches for files to infect on removable, network or local locations and then removes itself from memory (Sebastian, 2013). Non-resident viruses don’t reactivate until the next infected host file is executed.
Polymorphic viruses are viruses that frequently mutate to avoid detection while maintaining their potential to cause harm. They attack new files using altered and encrypted copies of themselves. Polymorphic viruses vary their code sequences and create different encryption keys, which makes identification by antivirus software difficult (Husain & Suru, 2014). An example is the Satanbug virus, which gave antivirus software a very difficult task with its nine levels of encryption (Torres, 2017). Stealth viruses disguise themselves from virus scanners by masking the size of the files they are hiding in or by temporarily removing themselves from the infected files. They then copy themselves to another location and replace the infected file with an uninfected one. A prominent example is the Frodo virus.
Multipartite viruses are versatile because they combine the capabilities of boot-sector viruses and file-infecting viruses (Torres, 2017). Ridding files of this virus does not in any way guarantee that the boot sector is safe, and vice versa. An example is the Tequila virus, which added itself to the hard disk, altered partition data and modified the Master Boot Record to redirect to it. Sparse infector viruses infect only occasionally, after certain conditions are met. This enhances their ability to avoid detection. An illustration of this is a virus which becomes infective only after a file is executed for the 20th time (Texas State University, 2017).
Armored viruses are designed to shield themselves from analysis by making disassembly, tracing and reverse engineering of their code cumbersome (Texas State University, 2017). Companion viruses exploit a property of DOS that allows executable files with the same name but different extensions, such as .com or .exe, to be run based on different priorities (Texas State University, 2017). This type of virus may generate a .com file that is given more priority than an .exe file sharing the same name. In contrast, cavity viruses overwrite a section of host program files, specifically targeting the empty spaces. As a result, the length of the file does not increase, the program stays functional, and the virus shields itself from detection (Sebastian, 2013). Overwriting viruses destroy their host files by copying their code over them. Although antivirus software is capable of disinfection, recovery of the affected files is usually impossible (Texas State University, 2017).
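The companion and cavity behaviours described above map onto two simple integrity checks: look for a .com file shadowing an .exe of the same name, and compare content hashes rather than file sizes. The Python below is an added example, not taken from the cited sources; the file names, the flat-directory snapshot and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Per the text above, a .com file takes priority over an .exe of the same name.
SHADOWING = {".com": ".exe"}

def find_companions(filenames):
    """Return (shadowing_file, shadowed_file) pairs that share a base name."""
    by_key = {}
    for name in filenames:
        base, ext = os.path.splitext(name)
        by_key[(base.lower(), ext.lower())] = name
    pairs = []
    for (base, ext), name in sorted(by_key.items()):
        shadowed = by_key.get((base, SHADOWING.get(ext)))
        if shadowed:
            pairs.append((name, shadowed))
    return pairs

def snapshot(root):
    """Map file name -> (size, SHA-256) for each file directly under root."""
    snap = {}
    for entry in os.scandir(root):
        if entry.is_file():
            with open(entry.path, "rb") as f:
                data = f.read()
            snap[entry.name] = (len(data), hashlib.sha256(data).hexdigest())
    return snap

def same_size_modified(baseline, current):
    """Files whose length is unchanged but whose content differs (cavity pattern)."""
    return sorted(name for name, (size, digest) in current.items()
                  if name in baseline and baseline[name] != (size, digest)
                  and baseline[name][0] == size)

def demo():
    with tempfile.TemporaryDirectory() as root:
        host = os.path.join(root, "EDIT.EXE")
        with open(host, "wb") as f:          # constructed file with zero padding
            f.write(b"MZ" + b"\x00" * 64 + b"program body")
        baseline = snapshot(root)
        with open(host, "r+b") as f:         # same-length change inside the padding
            f.seek(8)
            f.write(b"X" * 16)
        with open(os.path.join(root, "EDIT.COM"), "wb") as f:
            f.write(b"placeholder")          # new same-name .com file appears
        current = snapshot(root)
        return same_size_modified(baseline, current), find_companions(current)
```

A size-only comparison would report EDIT.EXE as unchanged here, which is why the baseline stores a hash alongside the length.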
- Husain, R., & Suru, S. (2014). An Advance Study on Computer Viruses as Computer architecture. Retrieved from http://www.academia.edu
- Sebastian, Z. (2013). Security 1:1 – Part 1 – Viruses and Worms | Symantec Connect Community. Retrieved from https://www.symantec.com/connect/articles/security-11-part-1-viruses-and-worms
- Texas State University (2017). Virus Types: Information Security Office: Texas State University. Retrieved from http://infosecurity.txstate.edu
- Torres, G. (2017). What Is a Computer Virus? | The Ultimate Guide to PC Viruses. Retrieved from https://www.avg.com/en/signal/what-is-a-computer-virus