All about viruses

What a definition?

• A virus is a program that replicates by attaching itself to other programs. The infected program must be executed for a virus to run. The program might be an application, a macro, a system file, or the boot sector programs.
• Adware produces all those unwanted pop-up ads. Adware is secretly installed on your computer when you download and install shareware or freeware, including screen savers, wallpaper, music, cartoons, news, and weather alerts.
• Spam is junk e-mail that you don’t want, that you didn’t ask for, and that gets in your way.
• Spyware is software that installs itself on your computer to spy on you, and collects personal information about you that it transmits over the Internet to Web-hosting sites that intend to use your personal data for harm.
• A worm is a program that copies itself throughout a network or Internet without a host program. A worm creates problems by overloading the network as it replicates. Worms cause damage by their presence rather than by performing a specific damaging act, as a virus does. A worm overload memory or hard drive space by replicating repeatedly.
• A browser hijacker, also called a home page hijacker, does mischief by changing your home page and other browser settings.
• A dialer is software installed on your PC that disconnects your phone line from your ISP and dials up an expensive pay-per-minute phone number without your knowledge. The damage a dialer does is the expensive phone bill.
• A keylogger tracks all your keystrokes, including passwords, chat room sessions, e-mail messages, documents, online purchases, and anything else you type on your PC. All this text is logged to a text file and transmitted over the Internet without your knowledge. A keylooger is a type of spyware.
• A logic bomb is a dormant code added to software and triggered at a predetermined time or by a predetermined event. For instance, an employee might put code in a program to destroy important files if his name is ever remove from the payroll file.
• A Trojan horse does not need a host program to work; rather, it substitutes itself for a legitimate program. In most cases, a user launches it thinking she is launching a legitimate program. A Trojan is likely to introduce one or more virus into the system. These Trojan are called downloaders.
• A virus attacks your system and hides in several different ways. Consider the following:
• A boot sector virus hides in the boot sector program of a hard drive or floppy disk or in the master boot program in the Master Boot Record.
• A file virus hides in an executable (.exe, .com,  or .sys) program or in a word-processing document that contain a macro.
• A multipartite virus is a combination of a boot sector virus and a file virus and can hide in either.
• A macro is a small program contained in a document that can be automatically executed either when the document is first loaded or later by pressing a key combination.
• Virus that hide in macros of document files are called macro viruses. Macro viruses are the most common virus spread by email, hiding in macros of attachment document files.
• A script virus is a virus that hides in a script, which might execute when you click a link on a Web page or in an HTML email message, or when you attempt to open email attachment.

How Virus works:

• As a virus replicates, it changes its characteristics. This type of virus is called a polymorphic virus.
• Some viruses can continually transform themselves so they will not be detected by AV software that is looking for a particular characteristic. A virus that uses this technique is called an encrypting virus.
• The virus create more than one process
• Entries are often made in obscure places in the registry that allow the software to start
• One type of malware, called a rootkit, loads itself before the OS boot is complete.