Companion Virii
- Companion virii attach themselves to an executable file by creating a new file with a different extension.
- Hence there namesake, they make a companion file for each infected program.
- A companion virus might make notepad.com and then launch itself first then the original notepad.exe infecting the system.
Macro Virii
- Macro virii are written in a simple macro programming language, and more often than not nowadays using VBA (Visual Basic for Applications), these virii usually target Microsoft Office applications such as Word and Excel.
- About 3/4 of all virii found in the wild today are macro virii.
- A macro infected document may have several macros, such as AutoSave, Exit etc that replace there original counterparts with there own code but still operate in the expected way.
- The macro will generally try to infect any template that exists such as world.dot so that if the macro is removed they may still regenerate.
- Macro virii have picked up on the trend of opening the WAB and sending a copy of themselves to all addresses in the address book, the most famous of these being WM97/Melissa.
Phage Virii The last of the true virii. Phage virii are programs that modify programs or databases. Phage virii are by far the most destructive by nature. They are not designed to attach themselves to other code or to replicate .... they are designed to overwrite every program they infect. A phage virii can spread by creating a companion virus of itself so when the program is attempted to be launched the virus runs again.(NOTE: Phage virii can also create companion files but it's not a defining or a required feature.)
Last edited by XTerminator : 25 Apr 05 at 12:20 PM.
|