Cryptography Reference
In-Depth Information
3. Memory-Resident Viruses : This kind of virus stays in memory after it
executes and after its host program is terminated, whereas a nonmemory-
resident virus only activates when an infected program executes.
4. Polymorphic Virus : This is a particularly nasty virus that mutates every
time it infects a new program. Therefore, detection of this type of infection
is diHcult since it leaves no unique trail (“signature”) to follow.
5. Stealth Virus : This kind of virus is specifically designed to disguise its
existence from virus-scanning software. For instance, if a stealth virus has
infected the MBR, then its function might be to interrupt a virus-scanning
software's request to examine the MBR and then transmitting a (false)
copy of the original uninfected MBR.
Examples
An example of a virus that is a combination of some of the above is the
following.
Multipartite Viruses : These viruses infect in one format type, then trans-
form into another. For instance, one might begin as a boot-system virus, then
move to become an attack on executable files.
An example of a memory-resident virus is the following modern-day virus
that takes advantage of features found in data-processing software.
Macro Viruses : This type of virus is one of the most recent, and unlike
the others, is platform independent. In other words, it will infect those using
a Macintosh computer as well as those using Microsoft Windows, for instance.
The reason is that these viruses are programs written to attach themselves to
macros used in modern-day data-processing systems, such as MS-Word, MS-
Excel, and AmiPro. These macro languages fit the three conditions that make
them ripe for macro infection, namely, they (1) assign specific macro programs to
specific files; (2) copy macro programs from one file to another; (3) pass control
to some macro program without the user's explicit permission, that is, they are
automatic. The aforementioned word-processing systems were designed to be
automatic, and as such, if an infected document is opened, the viral macro will
replicate itself into the computer's startup files. From then on, the machine is
infected and the macro virus will reside on the computer until eradicated. Any
document on the machine that uses the infected application can then become
infected. If the machine is on a network, the infection will likely spread to other
machines on the network. If a disk with the infection is shared, then the virus
will spread to the recipient's machine. Today, macros are deemed to make up
two-thirds of all computer viruses according to experts.
The typical agent for spreading macro viruses is via e-mail. The most noto-
rious macro virus was Melissa , 10.25 launched in 1999. Melissa was distributed
10.25 In some circles, Melissa is considered to be a worm (see below for our description of
worms), since it clogged up systems. However, due to its behaviour as a malicious e-mail
attachment and its mechanism for delivery, it is more rightly viewed as a macro virus.
Search WWH ::




Custom Search