Virus and Hack Research Paper: Virus Types, Malicious Code, Backdoor Attacks, and More
ActiveX malicious code
ActiveX controls allow Web developers to create interactive, dynamic Web pages with broader functionality; HouseCall, Trend Micro’s free on-line scanner, is one example. An ActiveX control is a component object embedded in a Web page which runs automatically when the page is viewed. In many cases, the Web browser can be configured so that these ActiveX controls do not execute, by changing the browser’s security settings to “high.” However, hackers, virus writers, and others who wish to cause mischief or worse may use ActiveX malicious code as a vehicle to attack the system. To remove malicious ActiveX controls, you just need to delete them.
Aliases
There is no commonly accepted industry standard for naming viruses and malicious mobile code. Each may be known by several different names or aliases. See for an explanation of Trend Micro virus-naming conventions.
Backdoor
A Backdoor is a program that opens secret access to systems and is often used to bypass system security. A Backdoor program does not infect other host files, but nearly all Backdoor programs make registry modifications. For detailed removal instructions, please view the virus description. See virus types for an explanation of Trend Micro virus-naming conventions.
Boot sector viruses
Boot sector viruses infect the boot sector or partition table of a disk. Computer systems are most likely to be attacked by boot sector viruses when you boot the system with an infected disk from the floppy drive – the boot attempt does not have to be successful for the virus to infect the hard drive. There are also a few viruses that can infect the boot sector from executable programs; these are known as multi-partite viruses, and they are relatively rare. Once the system is infected, the boot sector virus will attempt to infect every disk that is accessed by that computer. In general, boot sector viruses can be successfully removed.
Computers infected since (date)
This table displays the number of infected computers, by region, since detection first became available for this virus. See World Virus Tracking Center for additional information.
Date of origin
Indicates when a virus was first discovered (if known).
Description
This is a brief summary of a virus listed in the Trend Virus Encyclopedia. For detailed technical information, click on the “Tech Details” tab.
Destructive viruses
In addition to self-replication, computer viruses may have a routine that can deliver the virus payload. A virus is defined as destructive if its payload does some damage to your system, such as corrupting or deleting files, formatting your hard drive, committing denial-of-service attacks, etc.
ELF
ELF refers to Executable and Link Format, which is the well-documented and available file format for Linux/UNIX executables. Trend products detect malicious code for Linux/UNIX as “ELF_Virusname.”
Encrypted viruses
Indicates that the virus code contains a special routine that encrypts the virus body to evade detection by antivirus software. Trend Micro’s antivirus products have the ability to decrypt the virus body and detect such viruses.
File infecting viruses
File infecting viruses infect executable programs (generally, files that have extensions of .com or .exe).
Most such viruses simply try to replicate and spread by infecting other host programs, but some inadvertently destroy the program they infect by overwriting some of the original code. A minority of these viruses are very destructive and attempt to format the hard drive at a pre-determined time or perform some other malicious action. In many cases, a file-infecting virus can be successfully removed from the infected file. If the virus has overwritten part of the program’s code, the original file will be unrecoverable.