
Computer Virus

Computer viruses are classified according to how they infect a system and how they behave. The different classes
of computer virus are given below.

• Boot Sector Virus: A Boot Sector Virus infects the first sector of the hard drive, where the Master Boot Record
(MBR) is stored. The MBR stores the disk's primary partition table and the bootstrapping instructions that are
executed after the computer's BIOS passes execution to machine code. If a computer is infected with a Boot Sector
Virus, the virus launches immediately when the computer is turned on and is loaded into memory, enabling it to
control the computer.

• File Deleting Viruses: A File Deleting Virus is designed to delete critical files that are part of the operating
system, or data files.

• Mass Mailer Viruses: Mass Mailer Viruses search e-mail programs such as MS Outlook for the e-mail addresses
stored in the address book and replicate by e-mailing themselves to those addresses.

• Macro viruses: Macro viruses are written in macro programming languages such as VBA, which is a feature
of the MS Office package. A macro is a way to automate and simplify a task that you perform repeatedly in the MS
Office suite (MS Excel, MS Word etc). These macros are usually stored as part of the document or spreadsheet and
can travel to other systems when these files are transferred to other computers.

• Polymorphic Viruses: Polymorphic Viruses have the capability to change their appearance and change their code
every time they infect a different system. This helps the Polymorphic Viruses to hide from anti-virus software.

• Armored Viruses: Armored Viruses are a type of virus designed and written to be difficult to detect or analyze.
An Armored Virus may also have the ability to protect itself from antivirus programs, making it more difficult to
disinfect.

• Stealth viruses: Stealth viruses have the capability to hide from the operating system or anti-virus software by
making changes to file sizes or directory structure. Stealth viruses are anti-heuristic in nature, which helps them
hide from heuristic detection.

• Polymorphic Viruses: Polymorphic viruses change their form in order to avoid detection and disinfection by
anti-virus applications. After doing their work, these types of viruses try to hide from the anti-virus application
by encrypting parts of the virus itself. This is known as mutation.

• Retrovirus: A retrovirus is another type of virus, one that tries to attack and disable the anti-virus application
running on the computer. A retrovirus can be considered anti-antivirus. Some retroviruses attack the anti-virus
application and stop it from running; others destroy the virus definition database.

• Multiple Characteristic viruses: Multiple Characteristic viruses have the characteristics of different viruses and
have different capabilities.
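
The Boot Sector Virus entry above turns on the MBR layout: bootstrapping instructions followed by the primary partition table. The following added example (not part of the original notes) parses a 512-byte MBR and compares the boot code against a recorded baseline hash, which is how a defender notices that the bootstrapping instructions have been replaced. The sample sectors and the function names are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446        # bootstrapping instructions: bytes 0..445
ENTRY_FMT = "<B3xB3xII"    # status, CHS (skipped), type, CHS (skipped), first LBA, sector count
SIGNATURE = b"\x55\xaa"    # boot signature in the last two bytes of the sector


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash and its partition table."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):  # the primary partition table has four 16-byte entries
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, BOOT_CODE_LEN + 16 * i)
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "first_lba": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def boot_code_changed(baseline: dict, current: dict) -> bool:
    """True when the bootstrapping code differs from the recorded baseline."""
    return baseline["boot_code_sha256"] != current["boot_code_sha256"]


def sample_sector(boot_code: bytes) -> bytes:
    """Constructed sector: placeholder boot code plus one bootable partition."""
    entry = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    baseline = parse_mbr(sample_sector(b"known-good loader"))  # recorded earlier
    current = parse_mbr(sample_sector(b"modified loader"))     # same table, new code
    print(baseline["partitions"])
    print("boot code changed:", boot_code_changed(baseline, current))
```

The partition table is identical in both sample sectors, so only the hash of the first 446 bytes reveals the change.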

MALWARE

“Malware” is short for “malicious software”: computer programs designed to infiltrate and damage
computers without the user's consent. “Malware” is the general term covering all the different types of
threats to your computer's safety, such as viruses, spyware, worms, trojans, rootkits and so on.

Different types of malware contain unique traits and characteristics. Types of malware include:

• A virus is the most common type of malware which can execute itself and spread by infecting other
programs or files.

• A worm can self-replicate without a host program and typically spreads without any human
interaction or directives from the malware authors.

• A Trojan horse is designed to appear as a legitimate program in order to gain access to a system.
Once activated following installation, Trojans can execute their malicious functions.

• Spyware is made to collect information and data on the device user and observe their activity
without their knowledge.

• Ransomware is designed to infect a user's system and encrypt the data. Cybercriminals then
demand a ransom payment from the victim in exchange for decrypting the system's data.

• A rootkit is created to obtain administrator-level access to the victim's system. Once installed, the
program gives threat actors root or privileged access to the system.

• A backdoor virus or remote access Trojan (RAT) secretly creates a backdoor into an infected
system that allows threat actors to remotely access it without alerting the user or the system's
security programs.

• Adware is used to track a user’s browser and download history with the intent to display pop-up or
banner advertisements that lure the user into making a purchase. For example, an advertiser might
use cookies to track the web pages a user visits to better target advertising.

• Keyloggers, also called system monitors, are used to see nearly everything a user does on their
computer. This includes emails, opened web pages, programs and keystrokes.

Layer 7 – Application layer

This is the closest layer to the end user. It provides the interface between the applications we use and the
underlying layers. But notice that the programs you are using (like a web browser – IE, Firefox or Opera…) do not
belong to the Application layer. Telnet, FTP, email client (SMTP) and HyperText Transfer Protocol (HTTP) are
examples of the Application layer.

Layer 6 – Presentation layer

This layer ensures the presentation of data, that is, that the communications passing through are in the
appropriate form for the recipient. In general, it acts as the translator of the network. For example, when you
send an email, the Presentation layer formats your data into email format. When you send photos to a friend, the
Presentation layer formats your data into GIF, JPG or PNG… format.

Layer 5 – Session layer

Layer 5 establishes, maintains and ends communication with the receiving device.

Layer 4 – Transport layer

This layer maintains flow control of data and provides for error checking and recovery of data between the devices.
The most common examples of the Transport layer are Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP).

Layer 3 – Network layer

This layer provides the logical addresses that routers use to determine the path to the destination. In most cases,
the logical addresses here are IP addresses (including source and destination IP addresses).

Layer 2 – Data Link Layer

The Data Link layer formats the message into a data frame, and adds a header containing the hardware destination
and source address to it. This header is responsible for finding the next destination device on a local network.

Notice that Layer 3 is responsible for finding the path to the last destination (network), but it doesn’t care
about who will be the next receiver. It is Layer 2 that helps data reach the next destination.

This layer is subdivided into 2 sublayers: logical link control (LLC) and media access control (MAC).

The LLC functions include:

+ Managing frames to upper and lower layers
+ Error Control
+ Flow control

The MAC sublayer carries the physical address of each device on the network. This address is more commonly
called a device’s MAC address. A MAC address is a 48-bit address that is burned into the NIC on the device by
its manufacturer.

Layer 1 – Physical layer

The Physical Layer defines the physical characteristics of the network such as connections, voltage levels and
timing.
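
The header stacking described for Layers 2 to 4 can be seen by peeling one captured frame apart. This added example (not part of the original notes) reads the hardware addresses from the Ethernet header, the logical addresses from the IPv4 header and the ports from the TCP/UDP header. The frame bytes, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

L4_NAMES = {6: "TCP", 17: "UDP"}   # IPv4 protocol numbers of the two transports


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def decapsulate(frame: bytes) -> dict:
    """Peel Layer 2, 3 and 4 headers off an Ethernet II frame carrying IPv4."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    layers = {"l2": {"dst_mac": fmt_mac(dst), "src_mac": fmt_mac(src)}}
    if ethertype != 0x0800:            # not IPv4: stop at the Data Link layer
        return layers
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or (ip[0] & 0x0F) < 5:
        raise ValueError("truncated or malformed IPv4 header")
    ihl = (ip[0] & 0x0F) * 4           # header length in bytes; options make it > 20
    layers["l3"] = {"src_ip": str(ipaddress.IPv4Address(ip[12:16])),
                    "dst_ip": str(ipaddress.IPv4Address(ip[16:20]))}
    proto = ip[9]
    if proto in L4_NAMES and len(ip) >= ihl + 4:
        sport, dport = struct.unpack_from("!HH", ip, ihl)
        layers["l4"] = {"protocol": L4_NAMES[proto],
                        "src_port": sport, "dst_port": dport}
    return layers


def sample_frame() -> bytes:
    """Constructed frame: locally administered MACs, documentation-range IPs, TCP to port 80."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    # The IPv4 checksum is left at 0; this example does not verify it.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.20").packed)
    tcp = struct.pack("!HH", 49152, 80) + bytes(16)
    return eth + ip + tcp


if __name__ == "__main__":
    for layer, fields in decapsulate(sample_frame()).items():
        print(layer, fields)
```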