Types of Viruses

Trojan Horse:

Trojan horse is a program with an overt (known) and covert (unknown) effect. Dan Edwards is the first person to use this term. Trojan horse can make copies of themselves. one of the earliest version of Trojan horse is the version of the game "animal". when this was played, it created an extra copy of itself, these copy will spread taking much room. The program was modified to delete one copy of the earlier version and creates two copies of modified version. Because it spreads more rapidly than the older version, the modified version of animal soon completely supplanted the earlier version. After a present date, each copy of the later version deleted itself after it was played.

Trojan horse that creates copy of itself is know as a propagating Trojan horse.

Computer Viruses:

When a Trojan horse can propagate freely and insert a copy of itself into another file, it becomes a computer virus.

computer virus is a program that insert itself into one or more files and than performs some action.

There are two phases for a virus, first phase in which the virus insert itself into file called as insertion phase and second phase in which it perform some actions, is called as execution phase.

In 1984, an experiment showed that viruses cloud spread through out the system by itself. In early 1986, the brain virus was written for IBM PCs, but first it was report in October 1987 in United States. It alters the boot sector of floppy disks and possible corrupting the files in the process. It also spread to uninfected floppy disks inserted in the system.

In 1987, Macintosh, Amiga, and other computers are also infected by computer viruses, this virus is named as MacMag Peace virus, that prints a "universal message of peace" on march 2, 1988 and than delete itself. Same year, Tom Duf experimented on UNIX systems with a small virus that copied itself into executable files. It was not deadly virus but within 8 days it effected 46 systems and infected 466 files affecting at least one program in each system, which wantedly placed by Duff in one system in a computing center.

In 1989, Dr. Harold Joseph Highland developed a virus for Lotus1-2-3, that stored as a set of commands for that spreadsheet, and was loaded automatically when the file was opened. several types of computer viruses have been identified later which are explained below in detail.

Boot Sector Infectors:

Boot sector infector is a virus, that itself insert into boot sector of a disk. Boot sector is part of a disk used to mount a disk. when the system checks the disk for first time code in that sector will be executed, while the system boots or the disk is mounted, any virus in that sector will be executed. Brain virus comes under this category.

Executable Infector:

Executable infector is a virus that infects executable programs. The virus can prepend itself to executable, it inserts itself into the program and when application is executed, virus code will execute before the application code.

Jerusalem comes under same category, which fires when an infected program is executed. First it insert a value and checks for the date. If the year is 1987, it dose nothing, otherwise if it is not a Friday and not 13th (date of any month), it then sets itself to respond clock interrupts. Then it will load and execute the file originally executed. If it is Friday and 13th and year is not 1987 then virus sets a flag which means virus will delete files instead of infecting.

Multipartite Viruses:

Multipartite virus can infect either boot sector or applications. This kind of virus has two parts, one when it infect boot sector, it act as boot sector infector, when it infects executable it act as executable infector.

TSR Viruses:

TRS (Terminate and Stay Resident) virus is one that stays active (resident) in memory even after application has terminated. Both the Brain and Jerusalem virus come under TRS virus. TRS virus can be both boot sector virus or executable infectors.

Stealth Viruses:

Stealth viruses are viruses that hide the infection of the files. It tap calls to the operating system that access the files. If it call file attributes the original attributes. If it calls to read file, file is disinfected and data is returned. But when the call is to execute the file then infected file is executed. The stealth virus is also called as 4096 virus or IDF virus.

Encrypted Viruses:

Computer virus detectors often looks for known sequence of code to detect computer virus. To hide these sequence, some viruses encrypt virus code to escape from computer virus detectors.

Polymorphic Viruses:

Polymorphic virus is a virus that changes its form from time to time it insert itself into another program.