Search TQA Weekly
Log into your TQA Weekly

The Computer Virus

Explaining the Computer Viruses and their types.

Learn about computer viruses, types, and why you need but can't rely on anti-viruses.

Episode #4-12 released on December 1, 2013

Computer virus infections amongst all computer operating systems are much more rampant than previously known. All operating systems are affected, none is spared. Welcome to the modern world, and a new era of virus infections. This episode will deal with the many types, abilities, precautions, and inevitability of viral infections.

Let's deal with a modern fact, Windows, Apple, Android, Blackberry, Linux, Unix, BSD, etc... all have viruses designed for them. While Windows users have been targeted for years, other platforms have yet to be in open conflict with computer viruses, which leads many to believe that those users are ill equipped to deal with such infections and the various precautions required of them when it finally occurs. Newer virus infections will easily overtake weak unprotected systems, often because the user believes their system is not infect-able.

In order to bring knowledge to the masses, we must educate people in the many types, and abilities of viral infections against computers, of which much revolves around DOS and Windows.

Let's start off with the many common viral infections available to an array of computers, and normally only affecting Windows, and Dos.

The BOOT virus, a lot more common back in the day of the floppy disk, and most of my audience probably doesn't know what a floppy drive is, but this type of virus attacks the very sector on the hard drive or floppy that is first accessed, the master boot record, or MBR. Once loaded, the virus has access to everything in the system, and it can deliver its intended payload any which way it was designed to. The consequences of such an infection could render some systems unusable, and removal is complicated, and requires first booting into an alternate operating system from a different boot-able source known to be clean. To purge, the partition table may have to be wiped, and completely recreated, also known as a full format.

The program virus, the most commonly known virus, is launched from within an executable program file, and it can infect anything from bin, com, eve, ovl, drv, sys, etc... file extension types. Commonly deployed today in the form of an attachment in an e-mail, or as a fake torrent file available on torrent web-sites. Easier to remove than most other viruses, this virus is free to do whatever it wants once loaded into memory. These viruses are reliant on user privileges, so avoid using administrator accounts whenever possible.

The multipartite virus type is a hybrid virus that can be many at once. One of these viruses can infect master boot records, executable files, and other common files. These viruses can replicate once loaded into memory. This type of virus infects the master boot record once loaded for the first time.

The stealth virus, you could, also, classify rootkits under this class. These kinds of viruses of designed to avoid detection by interrupting or distorting the behavior of normal anti-viral detection techniques, be either forcing the kernel not to reply when an infected virus is being accessed, by forcing the hard drive reader head to go to a different location, or misrepresenting the file size of a specific target file where the virus resides. Can be hard to detect, and remove, but some anti-virus solutions can find them, and attempt to eliminate them completely.

The polymorphic virus is a pretty interesting virus, from the standpoint that it is capable, and in some instances, always changing it's own source code. The virus can be any of the normal or advanced classes, on top of its normal type. These viruses can be detected by some anti-viral solutions, removal may be possible, depending on the infection rate, and damage done.

Now, a common virus, is the macro virus, and this infects documents, like those created in Word. Normally, acquired through e-mail, it modifies the normal.dot template file that causes every other instance of document creation to be generated from a compromised source. When opened, the marco attempts to leverage known flaws in the word or spreadsheet editor to e-mail the virus to other people in your address, normally targeting outlook.

ActiveX viruses are a blast from my past, too, and ActiveX was Microsoft's baby, and it was what we used to generate flash like effects in pages before Flash. The major problem with this technology, it had access to everything in the computer, so any misconfiguration from the part of the user, left security holes that could be leveraged by ActiveX viruses which could then freely run on the target machine, delivering the virus. Normally received from contaminated web-sites. Turning off ActiveX eliminates the dangers of being infected.

Browser Hijacker viruses can infect the browser, and causes undesirable functioning of the browser like changing the start page, or routing all traffic to malicious web-sites. Can be contracted from poisoned web-sites, or downloaded by the user, voluntarily.

Ransomware, and cryptoviruses, are a newer kind of virus that encrypts all personal documents, and holds them for ransom. Users that are infected are normally instructed to pay using anonymous payment methods, and new versions demand payment in Bitcoin. Removal can be achieved, by formatting the computer, at the loss of the files.

And, finally, web scripting viruses, are an interesting problem. Web-sites, even my own, use Web 2.0 standards that makes it easier to show more interesting content, and even load content dynamically, however, code could be designed, and inserted into web-sites that could purposely infect a computer who is simply viewing the page. Many web-site administrators may not even be aware that their web-sites are infected though the use of cross-site scripting or code injection attacks.

A few things you should concern yourself with, most of these viruses are contracted from visiting web-sites of doubtful nature, from attachments in e-mails, or downloading of pirated material. Do not open e-mails, scan all downloaded files, and use Noscript, or NotScript whenever visiting web-sites you don't know or trust. And turn off Java and ActiveX.

Viruses used to be easily removable, however, newer viruses use stealth technology that can be upgraded and updated on the fly. This means, that once a computer is infected, we must presume the computer continues to be infected until the drives in the computer, and connected at any time during the infection, are wiped and rebuilt.

Currently, a new virus, code named Cryptolocker, is currently targeting users, normally via e-mail attachment, and encrypts all your personal files, requesting a ransom in order to decrypt your personal files, and targets all drives that are addressable, including any form of hot cloud storage solutions, including NAS drives.

Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions

Sources & Resources