Computer viruses are often mistaken for Trojans and worms. The truth is that viruses are just one type of attack that cybercriminals use to infect your device, and they work differently from Trojans and worms. The only similarity between these three malicious programs is that they can cause serious damage to your computer. One of the best ways to protect yourself from computer viruses, Trojans and worms is to learn the difference between them. This way you can deal with each one effectively.
What Are Computer Viruses?
Computer viruses are effectively tiny programs that will change the way your computer works. The changes they make are so small that you probably won’t even notice them.
Here are the two distinguishing factors of a virus:
- A computer virus is self-executing. This means it’ll interrupt another program in order to put its own code in the execution path.
- It’s self-replicating. For instance, a computer virus has the ability to infect entire network servers and multiple desktop computers. This is done by launching other executable files.
A lot of computer viruses can cause serious damage to a computer. They do this by reformatting the device’s hard disk, deleting files and even damaging the software. Other computer viruses are programmed to self-replicate in order to present fake audio messages, video and text. It’s worth noting that seemingly benign viruses can wreak havoc on your computer. This is because they’re very stealthy and will often take up a lot of storage space on your device that should be reserved for legitimate programs.
That’s why computer viruses often lead to computer crashes and erratic behavior. Plus, a lot of viruses come with harmful bugs that cause data loss and system crashes.
The following is a list of the five most common computer viruses:
1. File Infector Virus
This type of virus specializes in program file infections. It can easily infect .exe and .com files as well as any other file that’s run from an infected network, hard drive or floppy disk. A lot of the computer viruses that we see are memory resident, which means that once the virus is in memory, it will infect any uninfected executable. Cascade and Jerusalem are clear examples of file infector computer viruses that can cause this kind of damage.
2. Master Boot Record Virus
This one is memory resident and works similarly to a boot sector virus. However, master boot record viruses store a legitimate copy of the master boot record in a separate location. Once infected, a Windows NT computer will not be able to boot at all because the operating system cannot access its boot information. On Windows NT systems that are configured with FAT partitions, the virus can usually be removed by booting to DOS and using relevant antivirus software. You may also use the three Windows NT Setup disks to recover the system if the boot partition is NTFS. Some of the most common master boot record viruses include Unashamed, AntiExe, and NYB.
3. Boot Sector Virus
A boot sector virus can damage the entire system area of a particular disk. This goes for hard disks and floppy disks alike. Hard disks and floppy disks have a tiny boot record program that operates from the time the computer starts. So, as soon as the disk boots up, the virus will piggyback onto it and activate as soon as the user starts up the infected disk. Boot sector viruses are also memory resident, and they can infect any type of operating system.
4. Macro Virus
Macro computer viruses primarily infect the data files in your computer. They’re incredibly common and very expensive to repair and get rid of. Ever since Microsoft Office 97 came out with Visual Basic, virus creators have been able to develop macro viruses that can infect Microsoft Office programs like PowerPoint, Word, Access, and Excel. However, newer types of this virus have been written, which can be inserted into other programs.
A lot of these viruses have the ability to leverage the existing internal programming language of the host program. Macro viruses are incredibly easy to create, which is why they’re so prevalent. In fact, there are literally thousands of them in circulation at any given time, and the most common ones are W97M.Groov, WM.NiceDay, and W97M.Melissa.
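A defender’s first question about an Office file is whether it can carry macro code at all. The sketch below is an added example, not part of the original article: it checks the container format and looks for the VBA project part that Office 2007+ files use to store macros. The function names, verdict strings and sample files are constructed for illustration, and a macro being present does not mean it is malicious.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # Office 97-2003 binary container
ZIP_MAGIC = b"PK\x03\x04"                        # Office 2007+ (OOXML) container
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")    # formats that should never hold VBA


def macro_status(data: bytes) -> str:
    """Report whether an Office file carries a VBA project (not whether it is malicious)."""
    if data.startswith(OLE2_MAGIC):
        # Legacy files keep macros inside OLE streams; finding them needs an
        # OLE parser, so route these to deeper inspection instead of guessing.
        return "legacy-ole-inspect"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "corrupt"
    if "[content_types].xml" not in names:
        return "not-office"          # an ordinary zip archive, not OOXML
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macros-present"
    return "no-macros"


def triage(filename: str, data: bytes) -> str:
    """Combine the claimed file name with what the container really holds."""
    status = macro_status(data)
    if status == "macros-present" and filename.lower().endswith(MACRO_FREE_EXTS):
        return "block: macro code inside a macro-free file type"
    if status in ("macros-present", "legacy-ole-inspect"):
        return "review: may run macros, keep them disabled until the sender is verified"
    return "allow" if status == "no-macros" else "review: " + status


def build_sample(with_macro: bool) -> bytes:
    """Constructed OOXML skeleton for the demo; the VBA part is placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage("minutes.docx", build_sample(False)))
    print(triage("invoice.docm", build_sample(True)))
    print(triage("invoice.docx", build_sample(True)))
```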
5. Multipartite Virus
Multipartite viruses can infect program files and boot records, and they’re incredibly hard to repair. It’s important to clean both the files and the boot area if you are to remove the infection completely. Some of the most common multipartite viruses include Tequila, Anthrax, Emperor and One_Half.
What Are Worms?
A worm is a type of self-replicating program that can hop from one system to another without so much as a host file. Worms work by releasing an infected document into a particular network of computers and a good example of this would be the PrettyPark Worm.
What Are Trojan Horses?
As the name implies, a Trojan horse is a malicious file that poses as if it’s something else. Unlike viruses, Trojan horses are unable to self-replicate. However, they do contain malicious code that can cause data loss, data theft and a whole lot of other damage. Trojan horses will often enter your computer under false pretenses.
Hackers use attachments to deliver Trojan horses in legitimate-looking email messages. A trojan horse includes Trojan, Gen, and Trojan Horse. Gen 2 actually refers to a whole variety of Trojan horse viruses while Trojan Sload is a designation that refers to a particular threat which shows certain characteristics and/or behaviors.
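Because a Trojan horse poses as something else, a mail filter can compare what an attachment claims to be with what its first bytes say it is. The following is an added example, not part of the original article: the extension lists, finding names and sample inputs are constructed for illustration, and the lists are deliberately short rather than exhaustive.

```python
import os

# Extensions Windows will execute on double-click (a short, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a recipient expects to be passive documents or images.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# Leading bytes ("magic numbers") of a few well-known formats.
MAGIC = [(b"MZ", "windows-executable"), (b"%PDF", "pdf"),
         (b"PK\x03\x04", "zip-or-ooxml"), (b"\x89PNG", "png"),
         (b"\xff\xd8\xff", "jpeg")]


def sniff(data: bytes) -> str:
    """Identify content by its leading bytes instead of trusting the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def attachment_findings(filename: str, data: bytes) -> list:
    """Return the reasons an attachment's name and content look deceptive."""
    findings = []
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    # rstrip: runs of spaces before the final extension push it out of view
    inner_ext = os.path.splitext(stem.rstrip())[1]
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        if inner_ext in DOCUMENT_EXTS:
            findings.append("double-extension")      # e.g. invoice.pdf.exe
    if sniff(data) == "windows-executable" and ext not in EXECUTABLE_EXTS:
        findings.append("executable-content-under-other-name")
    return findings


# Constructed sample attachments: (file name, first bytes of the content).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("Invoice.PDF      .EXE", b"MZ\x90\x00"),
    ("holiday.jpg", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for fname, head in SAMPLES:
        print(f"{fname!r}: {attachment_findings(fname, head) or 'no findings'}")
```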
What Are Blended Threats?
A blended threat is a threat that includes Trojan horses, worms, malicious code and viruses all in one in order to initiate a coordinated attack on a server or Internet network. Through the use of more than one technique and method, a blended threat has the potential to spread rapidly and cause irreparable damage to multiple devices.
Some of the most common symptoms of a blended threat include:
- It inflicts harm: it initiates a Denial of Service (DoS) attack targeted at a particular IP address, impairs Web servers, and can even implant hidden Trojan horse programs that’ll activate at a later stage.
- It uses multiple methods to propagate: it looks for different vulnerabilities within a system in order to infiltrate and compromise it. This includes techniques such as infecting visitors that go to a compromised website, embedding infected code in server HTML files, and using a worm attachment to infect devices via a legitimate-looking email message.
- It’s a concerted attack that comes from multiple fronts: it inserts malicious code into a system’s .exe files, increases a guest account’s privilege level, creates writeable and readable network shares, inserts script code into HTML files and makes multiple changes to the registry.
- It propagates pretty much on its own with very little oversight: it scans through the Internet constantly to find vulnerable servers that are easy to attack.
- It exploits several vulnerabilities, like known default passwords, HTTP input validation, buffer overflow and much more, to gain access to device administration.
Protecting yourself from blended threats means that you must employ multiple security solutions which include concerted defense and response tools.
What Are Expanded Threats?
An expanded threat refers to an executable that’s targeted at certain software or applications through a related software program, whether interdependent or dependent.
An expanded threat typically shows the following symptoms:
- It’s non-viral in that it doesn’t usually spread of its own volition and it works differently from a Trojan horse or a worm. However, it’s definitely an expanded threat.
- It’s a threat that Symantec has received information about from a number of individual and corporate users during the same time period. Of course, there might be variations in the number and timeframe according to the individual threat.
- It can cause a general nuisance that meets the criteria of a certain threat category. It may also show behavior that’s new and undefined according to the existing expanded threat category list.
What Are Virus Hoaxes?
Virus hoaxes often come in the form of email chains that come with the following characteristics:
- Receipt of an email with the title [email virus hoax name here], don’t ever open it!
- Delete the email as soon as you see it!
- It usually comes with the [hoax name] virus.
- It will literally obliterate your entire hard drive.
- Today, this virus was publicized by [name of a reputable organization here].
- Forward this message to everyone in your network!
A majority of virus hoax warnings follow these exact same patterns and they’ve become increasingly common.
What is Not a Virus?
Due to the increased popularity of computer viruses, most device owners are quick to blame regular computer issues on viruses.
The following issues are just normal problems that probably don’t have malicious code or a virus behind them:
- Hardware issues. No virus is powerful enough to cause physical damage to your computer hardware including the monitor, boards, and chips.
- Startup problems that involve a blank screen display. This issue usually arises as a result of a boot problem in the hardware. Check your computer’s user manual to help you decipher the beep codes.
- A computer that’s unable to register the regular 640 KB of memory. This might be caused by a virus but other issues may be at play as well. Check in with your hardware vendor or computer manufacturer to find out what’s using up so much of your computer’s memory.
- Only one of the two antivirus programs installed on your computer is reporting a virus. This could point to a legitimate virus warning or it could mean that one of the antivirus programs is seeing memory signatures from the other program. That’s why you should think twice before running multiple antivirus software on the same computer.
- Microsoft Word gives you a warning about a macro in a specific document file. The macro is not necessarily a virus.
- You’re struggling to open a document. This doesn’t mean that you’ve got a virus. Open another document and see if the problem persists. Sometimes, it’s just that one document that’s damaged.
- Seeing changes in your hard drive labeling. Just use the command prompt’s “label” command to assign a label.
It’s not surprising that with all these different threats, people are becoming increasingly paranoid, thinking that there must be computer viruses everywhere. But, there are methods that you can apply to protect your device from infection. Safe computing is one of the most comprehensive ways to do this.
- Don’t open email attachments if you’re not familiar with their source.
- Verify the email sender before opening an attachment. It’s not uncommon for threats to come from seemingly familiar email addresses.
- Avoid setting your email to “auto-run” the attachments in your email messages.
- Keep Microsoft security updates current.
- Perform regular data backups. Store write-protected media somewhere safe like in an external hard drive outside of your computer.
Terms You Should Be Familiar With
• Advanced Persistent Threats (APT)
This is a collection of stealthy and unceasing hacks that an individual or a group of individuals with the same intentions can initiate. APTs typically target organizations for political or business reasons. An APT endeavor usually occurs over a long period of time and it’s hard to spot because it’s an incredibly covert operation.
• Adware
Adware is what you see when you try to install certain programs on your computer. Developers make adware to collect revenue every time online ads appear on someone’s user interface. This software has the ability to generate revenue when someone clicks on the ad and also through the mere display of the ad.
• Backdoor
Backdoor means accessing a system through undocumented means. It’s like breaking and entering but on a computer. Original programs or gaps in a system make way for many backdoors. Cybercriminals usually use backdoors in order to access an already compromised system.
• Bootkit
Bootkit is a type of malware that changes a hard drive’s boot sectors including the Volume Boot Record and the Master Boot Record. Cybercriminals leverage bootkits as part of a concerted attack on a particular system. You can’t easily spot it because it takes place beneath the operating system.
• Browser Hijacker
This type of software has the ability to change the settings of your web browser without you even knowing about it. It can also insert unwanted ads in your browser that are not only annoying but can take over the search engine, error pages, and home page. These attacks will divert user attention to a particular website in order to increase said website’s revenue. Browser hijackers are usually browser toolbars that enter through file downloads and email attachments.
• Crimeware
Crimeware automates cybercrime. It works differently from adware and spyware in that it can perpetrate identity theft through technical stealth and social engineering. These methods are used to obtain a user’s retail account and financial details as a means of performing unauthorized transactions and illegally taking funds away from said accounts. Crimeware may also be used to steal sensitive business data and confidential information.
• Denial of Service (DoS) Attacks
DoS attacks deny service to the users of a particular website or to an individual.
• Executable File
An executable file is a computer file that runs when a user clicks on a particular command or file icon.
• Exploit
This is a methodology, command or software that hackers use to take advantage of an existing security vulnerability. Exploits aren’t always malicious in their intent, as they can be used to show just how vulnerable a particular system is. They’re also an essential aspect of regular malware.
• Instant Messaging
Cybercriminals can use apps that we use for business or personal communication to introduce computer viruses and similar threats. These apps foster file transfers, video transfers, as well as audio and text chat collaboration.
• Internet Relay Chat
This is a chatting system that’s made up of different rules and conventions based on client/server software.
• Keylogger
This is when a cybercriminal covertly records the keystrokes of a particular user in order to retrieve and use the data for malicious purposes. Keyloggers can come in the form of hardware or software.
• Malicious Crypto Miners
This type of software has the ability to solve extremely elaborate mathematical calculations for the purpose of getting huge wads of cryptocurrency. Crypto mining is nothing new in and of itself and it can be done through mining pools or by an individual miner. Mining software requires electricity and CPU resources in order to work. A miner can use mining software to automatically generate revenue passively until someone finds it and removes it.
• Malicious Mobile Code
This is an aspect of data transmission that has the potential to carry malware like computer viruses and worms that eventually perform malicious actions such as encrypting data, sending spam and deleting data.
• POS Malware
Cybercriminals use this type of malicious software at POS terminals in order to get debit and credit card information from unsuspecting shoppers. It reads the memory of checkout POS devices. This includes encrypted card information which the malware transmits to the cybercriminal directly.
• Rootkit
This type of program is used to intercept and change the API calls of a particular operating system in a process that effectively hides the malware altogether. Rootkits often live at an operating system’s kernel level or even lower, including the system firmware, master boot record, and hypervisor. They can also hide other drivers, system components, services, network connections, files, and programs. Rootkits are a common occurrence in different operating systems like Mac OS X, Linux, and even Windows.
• Social Engineering
Social engineering is the process through which cybercriminals use perceived trust in order to elicit information from targeted individuals and organizations. For example, you might receive an email or a call from a seemingly reputable company asking for authorization to access information or systems within your organization.
• Spyware
As the name implies, spyware has the ability to spy on user information and activity without their knowledge or consent. The gathered data may then be used to plan an attack or control a user’s device without their knowledge.
• Unwanted Applications
These are unwanted programs that include browser hijackers, spyware and adware. Companies may also combine authorized program downloads with a wrapper application that includes unwanted applications. A clear opt-out option is usually missing in a lot of cases.
• Web Crawlers
This type of program has the ability to save page links, content, index data, and Internet browsing information. Web crawlers are good at validating search engine queries and HTML code for the purpose of identifying dead links or new web pages.
• Wiper
This is destructive malware that can literally infect your entire master boot record, wipe away disk information and more using an encrypting payload. Wipers leave the end user’s component or process practically useless.
After reading all of these terms, it is time to think about your device security!
We definitely recommend Defencebyte software. This software can identify and remove all browser hijacks so you can freely browse the Internet once again without any worries.