What are the different types of virus concealment strategies?

A computer virus is malicious software (malware) that spreads from one computer to another by attaching itself to a legitimate program or file. When the infected program or file is run, the virus code is also executed, allowing the virus to replicate and spread. It can cause a range of harm, such as deleting or corrupting files, stealing personal information, or using the infected computer as part of a larger network to carry out attacks. A virus is different from a worm, a type of malware that is similar in that it is designed to spread from one computer to another; however, worms do not need to attach themselves to a legitimate program or file to spread. Viruses can be detected using antivirus software, malware scanners, system logs, and by watching for suspicious computer activity.

Types of computer viruses

The diagram below shows the different types of computer viruses.

Types of computer viruses
  • Boot sector virus: A boot sector virus is a type of computer virus that infects the boot sector of a hard drive or floppy disk. When a computer is infected with a boot sector virus, the virus code is loaded into memory before the operating system, allowing it to gain control over the system.

  • File/program sector virus: A file/program sector virus is a computer virus that infects the executable files or programs on a computer. When a computer is infected with a file/program sector virus, the virus code is inserted into the program or file. The virus can then alter the program's behavior by adding or removing code, and it can spread itself to other files.

  • Macro virus: A macro virus is a computer virus written in a macro language, such as the macro language used in Microsoft Office applications like Word, Excel, and PowerPoint. When a user opens an infected document, the macro virus can execute its code, performing various actions, such as deleting files, modifying data, or spreading to other documents.

Virus concealment strategies

There are various virus concealment strategies that malware authors use to evade detection by antivirus software and security measures. Here are some common concealment strategies:

  1. Polymorphism: Polymorphic viruses can change their code on each infection, making it difficult for signature-based antivirus software to detect them. For example, the W32/Mytob worm can change its code on each infection, making it difficult to detect by signature-based antivirus software.

  2. Encryption: Encrypted viruses use encryption to conceal their code and evade detection by antivirus software. For example, the Gpcode ransomware used encryption to hide its malicious code and prevent detection by antivirus software.

  3. Stealth techniques: Stealth viruses use various methods to hide their presence from the operating system, such as hooking system calls and interrupt handlers. For example, the Rustock rootkit was designed to conceal its presence on infected systems by hooking system calls and interrupt handlers.

  4. Rootkit technology: Rootkits are designed to conceal malicious activity by modifying the operating system to hide the presence of the virus. For example, the Sony BMG rootkit installed on some of the company's music CDs used rootkit technology to hide its presence on infected systems.

  5. Code obfuscation: Code obfuscation involves intentionally making the code of a virus difficult to understand or analyze, making it harder for security researchers to detect or reverse-engineer. For example, the Locky ransomware used code obfuscation to make its code challenging to analyze and understand, making it harder for security researchers to develop effective countermeasures.

  6. Virus wrapping: Virus wrapping involves placing a virus inside a legitimate program, making it more difficult for antivirus software to detect. For example, the Melissa virus was disguised as a Word document, making it more difficult for antivirus software to detect the virus.

  7. Time bombs: Time bombs are viruses that activate on a specific date or time, making it difficult to detect their presence before they execute. For example, the Michelangelo virus was a time bomb virus set to activate on March 6, making it difficult to detect its presence before it was executed.

  8. Fileless malware: Fileless malware operates entirely in memory and does not leave any traces on the file system, making it difficult to detect and analyze. For example, the Poweliks malware was a fileless Trojan that operated entirely in memory, making it difficult to detect and analyze using traditional antivirus software.
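As an added illustration (example code, not part of the original answer) of why the encryption strategy in item 2 defeats plain byte-signature matching, and of two checks scanners use in response: a per-chunk entropy heuristic that flags encrypted or packed regions on disk, and matching the signature once the body has been decoded, as a memory scan would. The signature, the program text, the key and the toy SHA-256 keystream cipher are all constructed for this example.

```python
import hashlib
import math

# Constructed byte pattern standing in for a real scanner signature.
SIGNATURE = b"SAMPLE-MARKER-STRING"
# Constructed low-entropy "program body" with the signature in clear.
CLEAR_REGION = ((SIGNATURE + b" followed by ordinary program text. ") * 12)[:512]
KEY = b"constructed-demo-key"  # constructed key; any value works

def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy symmetric stream cipher: XOR with a SHA-256 counter keystream.
    Applying it twice with the same key restores the input."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ k for d, k in zip(data, stream))

# The same body as an encrypted virus stores it on disk, plus a sample file image.
ENCRYPTED_REGION = keystream_xor(CLEAR_REGION, KEY)
SAMPLE_FILE = CLEAR_REGION + ENCRYPTED_REGION

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def signature_scan(blob: bytes, sig: bytes = SIGNATURE) -> bool:
    """Classic signature check: is the known byte pattern present verbatim?"""
    return sig in blob

def entropy_scan(blob: bytes, chunk: int = 512, threshold: float = 7.0) -> list:
    """Heuristic used alongside signatures: flag chunks that look encrypted."""
    hits = []
    for off in range(0, len(blob), chunk):
        e = shannon_entropy(blob[off:off + chunk])
        if e > threshold:
            hits.append((off, round(e, 2)))
    return hits

if __name__ == "__main__":
    print("signature found on disk:", signature_scan(ENCRYPTED_REGION))
    print("high-entropy chunks (offset, bits/byte):", entropy_scan(SAMPLE_FILE))
    print("signature found after decoding:", signature_scan(keystream_xor(ENCRYPTED_REGION, KEY)))
```

The clear copy matches the signature and scores as ordinary text, while the encrypted copy of the very same bytes fails the signature check but is flagged by the entropy heuristic, and matches again once decoded.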

It's important to note that malware authors use these strategies to evade detection and cause harm, and they should not be used for any illegal or unethical purposes. Having adequate security measures to detect and prevent malware attacks is crucial.
