Malware: Types of Viruses

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 6 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Hey, everyone, welcome back to the course. So in this video, we're gonna talk about some of the different types of viruses.
00:07
So first we have our our system or a boot sector viruses. And basically these just moved the master boot record to a different location on the hard disk. And then then the virus itself is gonna copy itself to that original location of the master boot record. And so when the Vista system boots up, essentially the virus code is gonna be executed first, and then
00:26
control is passed back to that original
00:29
master boot record.
00:31
We have a file viruses, so this infects files that you're used to, so things like your dot txt files your dot sys files, your bat files,
00:41
you're prg files, etcetera, etcetera.
00:46
And then we have our multi partite, which infects the boot sector as well as the execute herbal files at the same time.
00:53
And then we have macro viruses thes infect files like your Microsoft Word Files or your Excel files. Because most of the virus macro viruses are written using visual basic
01:03
programming language so visual basic for applications.
01:08
And essentially, these used to be a huge issue especially with files getting emailed to you so you'd have AH word file or sell file emailed to you. You open it up, you try to edit it. It infects your system.
01:21
These days, Microsoft has in more recent versions of Word and Excel they have basically protected mode.
01:29
And so, if you download word file from someone and you want toe, you open it up. It gives you a little warning and gives you an option to edit it. But before it allows you to edit it, it's open it and just read mode read only mode. And so, basically, you could determine. Do I wanna take the risk of actually
01:46
looking at this file on being able to edit it? Because that might allow
01:49
macros to be enabled and cause an infection.
01:53
We have cluster viruses and these modified directory table entries. So that way, the it's uh, the user has pointed to the virus code or the system processes pointed to the virus code itself instead of the rial program that it should be.
02:09
We have stealth or sometimes called tunneling viruses, and so basically these intercept request to the operating system. So that's how they evade the antivirus software. So when the antivirus software sends a request to the OS is saying, Hey, is this legitimate?
02:23
The virus intercepts set and says, Yes, it ISS
02:29
We have encryption viruses, so this just uses a simple encryption to basically
02:31
encrypt the virus. And that way, the antivirus can't scan the scan for the file signature because it's encrypted.
02:42
We have a polymorphic code viruses. So basically, this is just where the code itself keeps mutating,
02:46
uh, the algorithm to avoid anti virus. So that way, there's no signature that stays the same. That could be put into that antivirus solution to prevent against it. So it constantly morse the code to try to evade anti virus and anti malware solutions.
03:02
We have metamorphic viruses. These ones rewrite themselves completely each time. So not just parts of the code. It rewrites itself completely each time,
03:13
and we have cavity viruses. So these overwrite a part of the host file without increasing the length of the size of the file. It's basically there just tucking themselves in the cavity of the file. So let's say, say, for example, yet a cavity in your tooth that's a hollow part of your tooth, and we put a magical coin in that hollow part of your tooth
03:31
that would be that cavity virus. It's hiding in there
03:34
without altering the structure of the external tooth. We have sparse, infecting viruses, so these ones try to evade anti virus or anti Mauer solutions by infecting Onley occasionally. So, for example, like every 20th time executed, it actually infects. Or it could be also
03:51
that it only infects on the 30th 30th of every month, right or the 10th of every month. So
03:57
basically, it happened so randomly that the goal is that anti virus won't recognize
04:01
the infection has not been eradicated.
04:03
We've got a companion virus, which basically creates a companion file for each of the executed all files that the virus infects. So, for example,
04:11
let's just say that the companion virus saves itself as no pad dot com. And so then, every time a user executes no pad dot t x C, which is a normal program on Windows,
04:21
the computer is gonna actually load the note pad dot com files well, which is the actual virus and infect the system. We have a shell viruses, so basically, the virus code forms a shell around the host, the Target host program code. And so essentially it makes itself the original program.
04:38
And then the rial code, the rial host code it runs is a subroutine.
04:43
So all the boot viruses that we we've kind of talked about the the root kit, the boot kits and stuff are the root kits that air boot infections, boot sector infections, these air, all shell viruses. So essentially they're wrapping themselves around
04:56
the normal code and running itself. And then we have file extension viruses, so these basically just change the extensions of files. So, for example, instead of it showing a dot txt file, the attacker may change the file to show dot txt. So you think it's a just a text file. You open it up and infect your system.
05:14
Another thing that's a little more prevalent with that one is
05:16
in image file that you download, download stay off a Google Google search. You may download it, and it says like like dot, dot, jay Paige or dot PNG. But when you look at the properties of that file, so when you downloaded, it just shows as a dot J. Paige with the file one actually hoping. But if you right click and go to properties
05:35
on a Windows machine,
05:36
you'll see that is actually an application file or something. And that's this type of infection. So just a quick, quick question here for you, this type of virus intercepts antivirus request to the operating system. Is that the tunneling that the encryption? Or is that the cavity virus? Parts of you guessed tunneling? You are correct. So in this video, we just talked about some different types of viruses.
Up Next