Viruses
Computer Virus
- Made up of malicious code that runs on a machine without the user's knowledge; the code infects the computer whenever it is run
- By installing the program, you allowed that code to run, so the virus can now start performing malicious activities, including replicating across your network, deleting files, and using valuable computing resources within your systems
10 Different Types of Viruses
Boot Sector
- Stored in the first sector of a hard drive and loaded into memory whenever the computer boots up
- Very difficult to detect because it is loaded before the OS boots up, so it can hide itself from software antivirus
- To find and remove these viruses, use an antivirus that specifically looks for boot sector viruses
Macro
- Form of code that allows a virus to be embedded inside another document, so that when the user opens that document, the virus is executed
- Common examples:
  - Microsoft Word, Excel, and PowerPoint files
- "A function to add additional functionality to your documents"
- Threat actors can add code to these documents too
Program
- Tries to find executables or application files to infect with its malicious code
- If you accidentally open a program virus while browsing the internet, it can try to install itself into a program that's already installed on your computer, such as Word. Every time you open the infected application, it infects your computer again.
Multipartite
- Combination of a boot sector virus and a program virus
- Able to place itself in the boot sector and be loaded every time the computer boots
- It can also install itself in a program, where it is run every time the computer starts up
  - That program starts every time the computer is booted up
- Even if a cybersecurity professional finds the program part of the virus and cleans it out from within the OS, they may have missed the boot sector portion
Encrypted
- Designed to hide from antivirus software by encrypting its malicious code or payloads
- Antivirus software can stop many of them now that the technology is more advanced
Polymorphic
- Advanced version of an encrypted virus: instead of just encrypting its contents, it changes the virus's code each time it is executed by altering the decryption module, in order to evade detection
- Morphs the way the code looks so that applications do not detect it as malicious
Metamorphic
- Able to rewrite itself entirely before it attempts to infect a given file
- More advanced version of a polymorphic virus
Stealth
- Technique used to prevent the virus from being detected by antivirus software
- Avoids detection through methods such as encrypting its contents, modifying its payload, and others
Armored
- Has a layer of protection to confuse a program or a person who's trying to analyze it
Hoax
- Form of technical social engineering that attempts to scare end users into taking some kind of undesirable action on their system
- Technically not a virus
- Example: A message claims to be from the Microsoft support team and says that you have a virus when you do not; if you follow their instructions, you will actually get a virus downloaded.
- Tricks you into giving them access or installing malicious programs on their behalf
- Some modern viruses combine multiple types, which makes them even harder to detect or mitigate
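
An added example for the Macro section above (not part of the original notes): a Python check a defender could run on Office Open XML files (.docx/.docm, .xlsx/.xlsm, .pptx/.pptm) to flag embedded VBA macro code before the document is opened. The function names and the sample input are constructed for illustration; legacy binary .doc/.xls files are a different format and are not covered.

```python
import io
import zipfile

VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def find_macro_indicators(data: bytes) -> list[str]:
    """Return the reasons an OOXML file appears to carry VBA macros ([] = none)."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        raise ValueError("not an OOXML (ZIP) container")
    reasons = []
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        # Indicator 1: the binary part where Office stores the VBA project.
        for name in names:
            if name.lower().endswith("vbaproject.bin"):
                reasons.append(f"VBA project part: {name}")
        # Indicator 2: the package manifest declares a VBA content type,
        # which still shows up if the part itself was given another name.
        if "[Content_Types].xml" in names:
            if VBA_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                reasons.append("manifest declares a VBA project content type")
    return reasons


def build_sample(with_macro: bool) -> bytes:
    """Constructed test input: a minimal OOXML-shaped ZIP, not a real document."""
    override = ""
    if with_macro:
        override = ('<Override PartName="/word/vbaProject.bin" '
                    'ContentType="application/vnd.ms-office.vbaProject"/>')
    manifest = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/'
                f'content-types">{override}</Types>')
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", manifest)
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"PLACEHOLDER")  # no real VBA
    return out.getvalue()


if __name__ == "__main__":
    for label, flag in (("plain", False), ("macro-enabled", True)):
        print(label, find_macro_indicators(build_sample(flag)))
```

A hit means the file contains macro code, not that the code is malicious; it marks the document for closer inspection or for opening with macros disabled.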