Types of computer viruses

In computing, a computer virus is a malicious program developed by programmers that infects a system to carry out a certain action. It can damage the file system, steal or hijack information, or make copies of itself and try to spread to other computers using various means.

The term used to encompass all these codes is malware, formed by the union of the words malicious and software, that is, malicious software. Currently, there are many types of viruses (malware), with characteristic behaviors that allow them to be classified into different categories.

These small computer programs have the ability to incorporate (“infect”) their code into other programs, files, or systems and use them to make copies of themselves. The term “computer virus” was installed in 1983 by the American electrical engineer Fred Cohen, who concluded his doctorate in 1986 with a work on this topic.

The name was inspired by biological viruses, the smallest known form of life, that reproduce by infecting a cell and using its genetic material to create new specimens. Today there are many types of viruses, classified according to their actions or characteristics, such as file infecting viruses, boot viruses, macro viruses, network viruses, script viruses, stealth, polymorphic, etc.

We recommend that you read these complete reports on what an antivirus is and the types of antivirus.

The origin of computer viruses

Seeking to carry out different damages, either for the theft of sensitive information or to generate chaos in computer systems, the first computer viruses were born almost at the same time as the development of computer software , and that is why the evolution of both are intrinsically linked.

In the beginning, computer viruses were created on time to be able to replace executable files on a computer , thus managing to modify the code of said files, in order to make the activity of the computers errant or change without the permission of the users.

The central objectives of the first computer viruses were similar to today’s malware, that is, to attack the information stored on a computer in order to destroy, damage or steal it for criminal purposes.

Regarding the origins of computer viruses, although there are various references that indicate, among other things, that their first appearance was at the end of the 1960s , the truth is that the anecdote tells that at that time a group of developers of Bell aT & T designed a game that nested in the computer memory and whose behavior was similar to what today is known as computer virus.

However, the first computer virus is considered to be the malware that attacked an IBM 360 Series computer in 1972. Popularly known as “Creeper”, it was malicious software that when infecting the computer displayed all the days the message: “I’m the creeper … catch me if you can!”, which in Spanish means something like “I’m a creeper! … Catch me if you can!”

At that time it was necessary to create a computer antidote to end the annoyance caused by this first virus, and that is how what is known as the first antivirus software in history emerged , a program called “Reaper”.

However, it took about a decade for the term “computer virus” to be coined , which occurred in 1984, after which computer viruses or malware have become commonplace.

It is enough to mention some of the most famous of the last decades to show the mark that many of them have left in the history of computing and information technology due to the profound damage that they managed to cause in their moment of greatest expansion .

In addition to the aforementioned Creeper, among the most famous computer viruses in history we find “Melissa” from 1999, which is considered the first malware spread through email , which in a short time managed to contaminate millions of computers around the world.

Another of the best known was undoubtedly the one called “I love you” which in 2000 managed to infect more than 45 million computers through an email that included an attachment entitled “A love letter to you”. and that the moment the unsuspecting user executed said file, the virus process began, which was also automatically forwarded to all of the user’s contacts.

When mentioning one of the most harmful viruses in history, we may have to mention the so-called “Sasser”, which in 2004 attacked the Windows 2000 and Windows XP operating systems , infecting around 250 thousand computers, and thus putting various companies around the world on alert.

We can add to this list the best known computer viruses so far due to the damage they caused when they were spread to Concept from 1995, Code Red from 2001, Slammer from 2003, Netsky from 2004, Storm from 2007 and Conficker from 2008.

Types of computer viruses

The different types of computer viruses known to date are detailed below :

Boot virus

One of the first known types of viruses, the boot virus infects the boot partition of the operating system. The virus is activated when the computer is turned on and the operating system loads.

Time Bomb or Time Bomb

Viruses of the “time bomb” type are programmed to activate at certain times, defined by their creator. Once a certain system has been infected, the virus will only become active and cause some kind of damage on the day or time previously defined. Some viruses became famous, such as “Friday the 13th” and “Michelangelo”.

Earthworms, worm or worms

In the interest of making a virus spread as widely as possible, its creators sometimes put aside the fact of damaging the infected users’ system and began to program their viruses so that they only replicate, without the objective causing serious damage to the system . In this way, its authors try to make their creations better known on the Internet. This type of virus was called a worm or worm . They are more and more perfect, there is a version that when attacking the computer, not only replicates itself, but also spreads through the Internet, sending itself to the e-mails that are registered in the e-mail client, infecting the computers that open it. e-mail, restarting the cycle.

They have the ability to make copies of themselves, unlike viruses they do not need to infect other programs for this task . It is enough that they are executed in a system. There are several worms or worms, with many different functionalities. Some are destructive (delete or damage files), others only spread in large numbers causing bottlenecks in computer networks .

Trojans or Trojan Horses

Certain viruses carry a separate code inside them, which allows a person to access the infected computer or collect data and send it over the Internet to a stranger , without the user being aware of this. These codes are called Trojans or Trojan horses.

Initially, Trojan horses allowed the infected computer to receive external commands, without the user’s knowledge. In this way the invader could read, copy, erase and alter system data. Trojan horses currently seek to steal confidential user data, such as bank passwords.

Viruses were in the past the most responsible for the installation of Trojan horses, as part of their action, since they do not have the ability to replicate. Currently, Trojan horses no longer arrive exclusively carried by viruses, they are now installed when the user downloads a file from the Internet and executes it . Efficient practice due to the huge amount of fraudulent emails reaching users’ mailboxes. Such e-mails contain a web address for the victim to unknowingly download the Trojan horse , rather than the file that the message claims it to be.

This practice is called phishing , an expression derived from the verb to fish, “to fish” in English. Currently, most Trojan horses simulate banking websites, “catching” the password entered by users of infected computers. There are different ways to find out if you are infected with a Trojan and how to remove it from your PC.

Pure Trojans do not have the ability to infect other files or spread from one computer to another, as is the case with viruses and worms. In order for them to enter a system, they must be deliberately sent to users, usually disguised as photos, games, and general utilities. Trojan horses are often made up of two parts: a program called a client, which remains on the attacker’s machine, and another called a server, which remains on the victim’s machine.The client component communicates with the server, allowing an intruder to steal passwords and other private information, or even take full control of the invaded system, being able to open, close, execute or delete files, modify mouse and keyboard settings, open and close the CD-ROM, etc. All this at a distance.

Hijackers

Hijackers are programs or scripts that “hijack” Internet browsers, mainly Internet Explorer. When that happens, the hijacker alters the initial page of the browser and prevents the user from changing it, displays advertising in pop-ups or new windows, installs toolbars in the browser and can prevent access to certain websites (such as antivirus software websites, for example).

Keylogger

The KeyLogger is one of the existing virus species, the meaning of the English terms that best suits the context would be: Keylogger. After they are executed, the keyloggers are usually hidden in the operating system, so that the victim has no way of knowing that they are being monitored. Currently keyloggers are developed for illicit means, such as theft of bank passwords.

They are also used by users with a little more knowledge to be able to obtain personal passwords , such as email accounts, Skype or WhatsApp, among others. There are types of keyloggers that capture the victim’s screen, in order to know who implanted the keylogger, what the person is doing on the computer.

They are installed in the system in a hidden way and their action is not perceived by the owner of the attacked computer. Keyloggers are being used extensively lately in email attacks, disguised as messages sent by legitimate companies. The most sophisticated ones are already capable of recording also the pages that the user visits and the area of ​​the mouse click, that is why they are being called screenloggers (the word screen, in English, refers to the computer screen).

Zombie

The zombie state in a computer occurs when it is infected and is being controlled by third parties. They can use it to spread viruses, keyloggers, and invasive procedures in general. Usually this situation occurs because the computer has an outdated Firewall and / or operating system . According to studies, a computer that is on the Internet in these conditions has almost a 50% chance of becoming a zombie machine, depending on who is controlling it, almost always for criminal purposes.

Backdoors

The word literally means “back door” and refers to programs similar to the Trojan horse . As the name suggests, they open a hidden communication door in the system. This door serves as a channel between the affected machine and the intruder, who can thus introduce malicious files into the system or steal private information from users.

These classifications do not encompass all types of viruses (malware) and refer only to “pure” specimens. In practice, what is increasingly observed is a mixture of characteristics, in such a way that there is already talk of worm / trojans and other species of hybrid malefic codes.

Thus, it is perfectly possible for malware to spread via e-mail, after being executed, as a worm does, but also steal passwords from the infected machine and send them over the Internet to the creator of the program, exactly as makes it a Trojan horse.

Macro virus

Macro viruses (or macro viruses ) link their actions to document templates and other files so that when an application loads the file and executes the instructions contained in the file, the first instructions executed will be those of the virus.

Macro viruses are similar to other viruses in several respects: they are code written so that, under certain conditions, this code “replicates” itself, making a copy of itself. Like other viruses, they can be developed to cause damage, present a message, or do whatever a program can do.

Viruses in other media

There is much talk of prevention against computer viruses on personal computers, the famous PC, but today there are many devices that have Internet access, such as mobile phones, tablets, VOIP phones, etc . There are viruses that may be attacking and damaging the performance of these devices in question . At the moment they are isolated cases, but the fear among specialists in digital security is that with the spread of an immense number of devices with Internet access, hackers are increasingly interested in attacking these new means of accessing the Internet.

Classification of computer viruses

In principle, computer viruses are usually divided into two large main groups, which we describe below:

Viruses that infect files

This group can be divided into two clearly defined types. The first type corresponds to the so-called Direct Action Viruses . These have the peculiarity of infecting other programs the moment they are executed. The second type is Resident Viruses, which when they are executed take a portion of the computer’s RAM memory, waiting for the user to access their programs in order to infect them.

Viruses that infect the computer’s boot sector

This group contains computer viruses that can lodge in the boot sector of our hard disk, and from there launch their execution routines. Remember that this boot sector is vital for the operation of the equipment. This class of virus has the ability to reside in the memory of the computer.

Out of these two large groups of viruses, there is also a third, which includes the so-called Multipartite type viruses. This definition groups the viruses that infect files and the boot sector interchangeably.

Behavior of computer viruses

In addition to being able to group them into the previous categories, computer viruses can also be organized according to the type of behavior they exhibit.

Here are some of the most significant categories in this area. Although there are also others, this is a list of the most recognized worldwide by antivirus software manufacturers:

Uniform-type viruses

They are those viruses that can replicate themselves identically.

Overwrite type viruses

This type of virus works by infecting and overwriting files and programs using its own code.

Stealth or sneaky viruses

They have the particularity of being able to hide the symptoms of the infection from the user.

Encryption Viruses

They are those viruses that can encrypt all or part of its code, thus hindering the analysis work. These can in turn use two types of encryption, on the one hand the so-called fixed encryption, in which the virus uses the same key for all the copies made of itself, on the other hand, the so-called variable encryption, in which the virus encrypts each copy with a different key, hindering the location task due to the reduction of the code portion used for its detection.

Oligomorphic viruses

They have only a small number of encryption functions and can randomly choose which one to use.

Polymorphic Viruses

They are those that, in order to replicate, use a completely variable type of replication routine , that is, each time they are replicated and encrypted, they change sequentially. It should be noted that these viruses are the most difficult to detect and eliminate, as it can produce many different copies of itself.

Metamorphic Viruses

They are those that have the uniqueness of rebuilding all their code each time they are replicated. It is important to note that this class of virus is rarely found beyond the limits of research laboratories.

How computer viruses work

The first viruses were created through languages ​​such as Assembler and C. Today, viruses can be created in a much simpler way, being able to be developed through scripts and macro functions of certain programs.

Viruses formerly used infected floppy disks or files to infect computers. Today, viruses can reach thousands of computers around the world in a few minutes. That’s all thanks to the Internet. The most common method of propagation is the use of email, where the virus uses a text that tries to convince the user to click on the attached file. It is in that attachment is the virus. The means of convincing are many and are usually quite creative. The e-mail (and even the subject field of the message) usually has texts that arouse the curiosity of the Internet user. Many explore erotic topics or address current issues.

Some viruses can use a fake sender, causing the recipient of the e-mail to believe that it is a real message. Many Internet users often identify virus e-mails, but the creators of these “digital pests” can use new tricks that surprise even the most expert user.

There are viruses that scan for programming flaws in certain programs . Some faults are so serious that they can allow automatic contamination of the computer, without the user being aware.

Other viruses tend to spread through file sharing, such as those that insert files into P2P program folders (such software allows file sharing between users on the same computer network.

After having contaminated the computer, the virus then proceeds to carry out its tasks, which can be of the most diverse types, from the simple execution of a program to the total destruction of the operating system . The first activity of most viruses is to spread to other computers.

Myths about computer viruses

It is important to dispel some myths: events that do not execute the program containing the “stuck” virus will not trigger it. Thus, if a contaminated program that is recorded on a hard disk or floppy disk, it will not carry out the virus attack. Therefore, if the event that triggers the virus is never triggered by the user, the virus will remain “asleep” until the day the program was executed.

Another thing that must be disproved is the belief that viruses can damage computer hardware. Viruses are programs and therefore there is no way for them to burn or break computer devices. What if, there are viruses that erase the BIOS of the motherboard, leaving it without capacity to be used, giving the impression that it was broken.

However, with special equipment used in laboratories or with special software, it is possible to recover the BIOS and there it will be verified that the motherboard works with its hardware components as they were before the attack. Today’s BIOSes are better protected from this danger and are more easily recoverable in case of problems.