System Sector Viruses
System sectors are special areas on your disk containing programs that are executed when you boot (start) your PC. System sectors (Master Boot Record and DOS Boot Record) are often targets for viruses. These boot viruses use all of the common viral techniques to infect and hide themselves. They rely on an infected floppy disk left in the drive when the computer starts; they can also be "dropped" by some file infectors or Trojans.
These viruses evade
A virus can hide itself by intercepting the anti-virus software’s request to read the file and passing the request to the virus, instead of the OS. The virus can then return an uninfected version of the file to the anti-virus software, so that it appears as if the file is "clean".
Bootable CD-ROM Virus
These are a new type of virus that destroys the hard disk data content when booted with the infected CD-ROM.
Example: Someone might give you a LINUX BOOTABLE CD-ROM.
When you boot the computer using the CD-ROM, all your data is gone. No anti-virus can stop this because neither the AV software nor the OS is even loaded when you boot from a CD-ROM.
Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for virus signatures.
A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses.
Self-modification viruses employ techniques that make detection by means of signatures difficult or impossible. These viruses modify their code on each infection (each infected file contains a different variant of the virus).
Polymorphic Code Virus
A well-written polymorphic virus therefore has no parts that stay the same on each infection. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine). Polymorphic code is code that mutates while keeping the original algorithm intact.
Metamorphic viruses rewrite themselves completely each time they are to infect new executables. Metamorphic code is code that can reprogram itself by translating its own code into a temporary representation, and then back to normal code again.
For example, W32/Simile consisted of over 14000 lines of assembly code, 90% of which is part of the metamorphic engine.
File Extension Virus
File extension viruses change the extensions of files. .TXT is safe as it indicates a pure text file. With the display of extensions turned off, if someone sends you a file named BAD.TXT.VBS, you will only see BAD.TXT. If you've forgotten that extensions are actually turned off, you might think this is a text file and open it. This is really an executable virus file and could do serious damage.
Countermeasure is to turn off “Hide file extensions” in .
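A mail gateway or attachment filter can catch the BAD.TXT.VBS trick before the user ever sees the shortened name. The following check is an added example, not part of the original page; the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed policy lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".scr",
                   ".com", ".bat", ".cmd", ".pif", ".hta"}
DECOY_EXTS = {".txt", ".doc", ".docx", ".pdf", ".jpg", ".png", ".xls", ".xlsx"}


def displayed_name(filename: str) -> str:
    """Name the user sees when extensions are hidden (last suffix dropped)."""
    path = PureWindowsPath(filename)
    return path.stem if path.suffix else path.name


def is_disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable while the name shown
    to the user still ends in a harmless-looking one, e.g. BAD.TXT.VBS."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    if len(suffixes) < 2:
        return False  # a plain setup.exe is not disguised, just executable
    return suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS


def scan(filenames):
    """Return (real name, displayed name) for every disguised executable."""
    flagged = []
    for name in filenames:
        if is_disguised_executable(name):
            real = PureWindowsPath(name).name
            flagged.append((real, displayed_name(name)))
    return flagged


# Constructed sample input: attachment names as a filter might receive them.
SAMPLE_ATTACHMENTS = [
    "BAD.TXT.VBS",               # the case described in the text
    "notes.txt",                 # genuine text file
    "setup.exe",                 # executable, but not hiding its type
    "archive.tar.gz",            # legitimate double extension
    "C:\\mail\\invoice.pdf.exe", # full path, decoy .pdf before .exe
    "report.v1.2.pdf",           # dots in the base name, harmless type
]

if __name__ == "__main__":
    for real, shown in scan(SAMPLE_ATTACHMENTS):
        print(f"BLOCK {real!r}: shown to the user as {shown!r}")
```
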
That's it... by intercepting its requests to the operating system.