A virus is an executable file programmed to do three things: infect files, survive by replicating itself, and avoid detection. To avoid detection, a virus usually disguises itself as a legitimate program that the user would not normally suspect of being a virus. Viruses are designed to corrupt or delete data on the hard disk.
There are many kinds of viruses, and they are identified on the basis of what their functions are, which part of a system they attack, and what kind of damage they cause.
Broadly, viruses can be divided into the following categories:
Boot Sector Viruses (MBR or Master Boot Record)
Boot sector viruses can be created without much difficulty and infect the Master Boot Record of either the hard disk or the floppy drive. The virus replaces the boot record program that is responsible for booting the operating system. It either copies the Master Boot Program to another part of the hard disk or overwrites it. These viruses infect the computer when it boots up or when it accesses the infected external memory drive.
File or Program Viruses
Some programs are viruses in disguise: when executed, they load the virus into memory along with the program, perform their predefined steps and infect the system. They infect program files with extensions such as .EXE, .COM, .BIN, .DRV and .SYS. Some file viruses just replicate, while others destroy the program being used at that time. Such viruses start replicating as soon as they are loaded into memory. Because file viruses also destroy the program currently being used, the program corrupted by the file virus has to be repaired or reinstalled after the virus is removed or the system is disinfected.
Multipartite viruses are the hybrid variety; they are best described as a cross between boot viruses and file viruses. They infect not only files but also the boot sector. They are more destructive and more difficult to remove. First they infect program files, and when an infected program is launched or run, the multipartite virus starts infecting the boot sector too. The interesting thing about these viruses is that they do not stop once the boot sector is infected: when the system is next booted, they load into memory and start infecting other program files.
Stealth viruses use various methods to hide themselves and avoid detection. They sometimes remove themselves from memory temporarily to hide from virus scanners. Some can also redirect the disk head to read another sector instead of the sector in which they reside. Some stealth viruses conceal the increase in the length of the infected file: they display the original length by reducing the reported size by the same amount as the increase, so as to avoid detection by scanners. They are somewhat difficult to detect.
Viruses that can mutate are the most difficult to detect. Mutating means that the virus changes its viral code, known as the signature, each time it spreads or infects. Antivirus programs that look for specific virus code are therefore not able to detect such viruses. What exactly is a viral signature? The signature is the specific fingerprint of a particular virus: a string of bytes taken from the code of the virus. Antivirus software maintains a database of known virus signatures and looks for a match each time it scans for viruses.
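The signature matching described above can be shown in a short sketch. This is an added example, not code from the original page; the signature names, byte strings and sample buffers are constructed and harmless. It scans whole buffers and chunked reads against a small signature database, and shows that a copy whose bytes differ from the stored fingerprint produces no match.

```python
# Constructed signature database (name -> byte string). These are harmless
# made-up bytes for illustration, not signatures of real viruses.
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef4c6f6164"),
    "Demo.B": b"\x90\x90DEMO-B-MARKER\x00",
}

def scan(data, signatures=SIGNATURES):
    """Return sorted (name, offset) pairs for every signature found in data."""
    hits = []
    for name, sig in signatures.items():
        pos = data.find(sig)
        while pos != -1:
            hits.append((name, pos))
            pos = data.find(sig, pos + 1)
    return sorted(hits, key=lambda h: (h[1], h[0]))

def scan_stream(chunks, signatures=SIGNATURES):
    """Scan data arriving in chunks (e.g. file reads) without missing a
    signature that straddles a chunk boundary."""
    overlap = max(len(s) for s in signatures.values()) - 1
    tail, base, hits = b"", 0, set()
    for chunk in chunks:
        window = tail + chunk
        for name, pos in scan(window, signatures):
            hits.add((name, base + pos))   # base = absolute offset of window[0]
        keep = min(overlap, len(window))
        base += len(window) - keep
        tail = window[len(window) - keep:]
    return sorted(hits, key=lambda h: (h[1], h[0]))

# Constructed sample inputs.
HOST = b"MZ" + b"\x00" * 30 + b"ordinary program bytes "
INFECTED = HOST + SIGNATURES["Demo.A"] + b" more bytes"
# Stand-in for a copy whose bytes differ from the catalogued ones: every byte
# is changed, so the stored fingerprint no longer appears anywhere in it.
CHANGED = bytes(b ^ 0x5A for b in INFECTED)

def chunked(data, size):
    """Split data into consecutive pieces of at most `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)]

if __name__ == "__main__":
    print("whole file  :", scan(INFECTED))
    print("7-byte reads:", scan_stream(chunked(INFECTED, 7)))
    print("changed copy:", scan(CHANGED))
```

The empty result for the changed copy is why scanners that rely only on exact byte signatures need to be paired with other detection methods.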