A malicious program that bears sufficient similarity to a previously identified program to be categorized as a member of the same "family" of malware.
Variants are generally created when a malware author takes the source code for a previously released malware, modifies it, then releases the new, slightly different version. The original program is often referred to as variant A, with subsequent versions referred to as B, C, D and so on, depending on when they were released.
Creating variants is relatively easy to do if the original author releases the source code for the malware to the public; alternatively, another virus writer can simply reverse engineer the malware to take the source code. Creators of variants are therefore not necessarily the creator of the original malicious program.
The differences between variants may be very minor, such as a change in a text message displayed; or they may be extensive, such as adding entirely new (and often more destructive) functionality.
Occasionally, a malware's source code has been modified so extensively that it may be classified as a separate family, for easier reference.
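The family and variant naming described above is a classification decision: a new sample is compared against samples already on file and either joins an existing family as the next variant letter or opens a new one. The example below, added here and not taken from any vendor's engine, shows the idea with a deliberately simple similarity measure (Jaccard overlap of byte 4-grams). The sample byte strings, the 0.6 threshold and the "Family1"/"Family2" labels are all constructed for the demo.

```python
"""Grouping samples into families by byte-n-gram similarity (added illustration).

The three "samples" are constructed byte strings, not real programs: the second
is the first with only its embedded text message changed (a minor variant), the
third shares nothing with either. The similarity threshold is an assumption.
"""


def byte_ngrams(data, n=4):
    """Set of all length-n byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a, b):
    """Jaccard similarity of two sets: |a & b| / |a | b|, 1.0 for two empty sets."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def classify(samples, threshold=0.6):
    """Assign each (name, data) pair to a family.

    A sample joins the family holding its most similar known member if that
    similarity reaches the threshold; otherwise it opens a new family. Within a
    family, members are lettered A, B, C ... in the order they were seen, which
    mirrors the "variant A, B, C" convention. Returns {name: 'FamilyN.X'}.
    """
    families = []   # each: {"name": str, "members": [(name, ngram_set), ...]}
    labels = {}
    for name, data in samples:
        grams = byte_ngrams(data)
        best_family, best_score = None, 0.0
        for fam in families:
            score = max(jaccard(grams, g) for _, g in fam["members"])
            if score > best_score:
                best_family, best_score = fam, score
        if best_family is None or best_score < threshold:
            best_family = {"name": "Family%d" % (len(families) + 1), "members": []}
            families.append(best_family)
        variant = chr(ord("A") + len(best_family["members"]))
        best_family["members"].append((name, grams))
        labels[name] = "%s.%s" % (best_family["name"], variant)
    return labels


# Constructed samples (not real code): a shared body with a different text
# message in the middle, plus one unrelated byte pattern.
SAMPLES = [
    ("original.bin", b"MZ" + bytes(range(0, 200)) + b"Hello from variant A!" + bytes(range(200, 256))),
    ("modified.bin", b"MZ" + bytes(range(0, 200)) + b"Greetings, world!!!" + bytes(range(200, 256))),
    ("unrelated.bin", bytes(range(255, -1, -1)) * 2),
]


def similarity(i, j):
    """Similarity between two entries of SAMPLES, for inspection."""
    return jaccard(byte_ngrams(SAMPLES[i][1]), byte_ngrams(SAMPLES[j][1]))


if __name__ == "__main__":
    for name, label in classify(SAMPLES).items():
        print(name, "->", label)
    print("original vs modified: %.2f" % similarity(0, 1))
    print("original vs unrelated: %.2f" % similarity(0, 2))
```

Real engines use far more robust features than raw byte n-grams (code that has been recompiled or packed will share few literal byte windows), but the decision structure, compare to known members, join the family above a threshold or start a new one, and letter the variants in order of appearance, is the same one the definition describes.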
A virtual machine is an implementation of an operating system or environment that can be installed onto a host, or ‘real’, system. The virtual machine behaves as an isolated, independent environment, providing users with multiple operating environments on a single machine.
A network implementation that uses the physical infrastructure of a larger, insecure network (most commonly, the Internet) to connect disparate, remote computers or networks into a single, secure network.
A virtual private network (VPN) provides connected users access to resources that they may not be physically capable of utilizing, such as communications with colleagues in another country, or access to a database.
As the communications to and from the VPN travel over an insecure network, security is a major concern and there are numerous strategies used by VPN administrators to ensure the security of the network.
A malicious program which integrates into and affects a program or file on a computer system, without the knowledge or consent of the user.
A virus almost always arrives on a computer system as an executable file, most popularly as an e-mail attachment. Some viruses are spread as part of a Trojan's payload. Other common ways viruses are spread are through removable media such as floppy disks, CDs or USB thumb drives.
Laypeople and the popular media will often incorrectly use the term 'virus' as a general catch-all description for any kind of malicious program; a true virus however has defined characteristics which distinguish it from other types of malicious programs.
The key characteristic of a virus is its replication mechanism, or its ability to make copies of its own code. A virus's ability to replicate itself depends on its host file being executed.
Before a virus can replicate itself, it must first infect a vulnerable computer system. A system can usually only become infected if the virus's malicious executable file is run, either by the user or through some type of vulnerability exploit. Once the file is run, the virus integrates itself into a program or file, known as the host or host file.
Subsequently, each time the host file is launched, the virus 'hijacks' the computer system and uses its resources to create copies of its own code. These copies then infect other files on the system, and each newly infected file repeats the same cycle. If the host files are executed multiple times, the accumulated file changes can cause the system to run slowly, erratically, or even crash.
A virus can also replicate on another computer system if its host file is transferred to the new computer, either by sending it over a network or by a physical transfer using a CD, thumb drive or similar media.
Types of viruses
There are numerous sub-types of viruses, depending on what file types are infected, how the files are affected and how replication is done. For example, viruses can be categorized based on the object they infect, or the environment they function in:
- File Infector virus
A virus that infects files on a computer system, particularly EXE and COM files.
- Boot Infector virus
A virus that infects the Master Boot Record (MBR) of hard disks and similar.
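Both the replication cycle described above and the two sub-types listed here leave the same kind of evidence a defender can look for: host files whose contents no longer match a known-good baseline, and a boot sector whose code region has changed. The following baseline-and-compare check is an added illustration, not code from any product; the "disk" it inspects (two executables and a 512-byte boot sector) is constructed in memory, and the tampered copy simply has bytes appended to one executable and its boot code overwritten, standing in for what a file infector or boot infector leaves behind.

```python
"""File-integrity and boot-sector check (added illustration, constructed data).

Executables are hashed against a stored baseline; the MBR's 446-byte boot code
region is hashed separately from the partition table, because partitioning
tools legitimately rewrite the table while the boot code should stay constant.
"""
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 of a classic MBR hold boot code
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511 of a valid MBR


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def build_baseline(files):
    """{name: sha256} for a mapping of file name -> bytes."""
    return {name: sha256(data) for name, data in files.items()}


def check_files(baseline, files):
    """Compare current files to the baseline.

    Returns {name: status} with status one of 'ok', 'modified', 'missing',
    'added'. A host file that an infector has rewritten shows up as 'modified';
    a freshly dropped executable shows up as 'added'.
    """
    report = {}
    for name, digest in baseline.items():
        if name not in files:
            report[name] = "missing"
        elif sha256(files[name]) != digest:
            report[name] = "modified"
        else:
            report[name] = "ok"
    for name in files:
        if name not in baseline:
            report[name] = "added"
    return report


def check_mbr(sector, baseline_code_hash):
    """Validate MBR layout and compare the boot code region to its baseline."""
    if len(sector) != SECTOR_SIZE:
        return {"valid": False, "reason": "wrong sector size"}
    if sector[510:512] != MBR_SIGNATURE:
        return {"valid": False, "reason": "missing 0x55AA signature"}
    changed = sha256(sector[:BOOT_CODE_LEN]) != baseline_code_hash
    return {"valid": True, "boot_code_changed": changed}


# Constructed sample "disk": contents are made up, not real programs.
FILES = {
    "CALC.EXE": b"MZ" + bytes(range(64)),
    "CMD.COM": b"\xB8\x00\x4C\xCD\x21",   # placeholder bytes, not a real COM file
}
# Constructed clean MBR: a few real x86 opcodes (cli; xor ax,ax), zero padding,
# an empty partition table and the 0x55AA signature.
CLEAN_MBR = b"\xFA\x33\xC0" + b"\x00" * 443 + b"\x00" * 64 + MBR_SIGNATURE


def run_demo():
    """Baseline the clean disk, then inspect a tampered copy of it."""
    baseline = build_baseline(FILES)
    mbr_baseline = sha256(CLEAN_MBR[:BOOT_CODE_LEN])

    # Tampered copy: one executable grows by an appended block, a new
    # executable appears, and the boot code bytes are overwritten.
    after = dict(FILES)
    after["CALC.EXE"] = FILES["CALC.EXE"] + b"\x90" * 16
    after["NEW.EXE"] = b"MZ" + b"\x00" * 8
    tampered_mbr = bytearray(CLEAN_MBR)
    tampered_mbr[0:3] = b"\xEB\x3C\x90"   # constructed replacement bytes

    return {
        "files": check_files(baseline, after),
        "mbr_tampered": check_mbr(bytes(tampered_mbr), mbr_baseline),
        "mbr_clean": check_mbr(CLEAN_MBR, mbr_baseline),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

On a real system the baseline would be taken from a known-clean image and stored where the checked machine cannot alter it; the comparison logic itself does not change.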
Viruses can also use various techniques to protect themselves from detection and removal by security programs, including periodically changing their own code, using a rootkit for concealment in the system and even deleting themselves after completing a specified action.
Due to the wide range of possible actions and tactics used, viruses are one of the most common types of malware in the computing world today.
For years, viruses were expensive and time-consuming nuisances, often written for the sake of experimentation or notoriety.
Nowadays however, many viruses are being created with a profit motive in mind, and can cause significant damage to the systems attacked, particularly to the personal information stored on the machines. The people writing these malicious programs are also increasingly well organized in criminal networks.
A popular programming language. Due to its perceived ease of use, Visual Basic (VB) is often used to create applications. The language is similar to, but not identical to, Visual Basic Script (VBS).
The platform designator for malicious programs that use or operate using VB is 'VB'.
VBS is the platform designator for the Visual Basic Script scripting language.
Also known as 'VisualBasic Script', 'VBScript' or 'VBS', this language was created by Microsoft as a subset of the Visual Basic scripting language. VBScript is widely used in webpages, but its use is primarily targeted at users of the Microsoft Internet Explorer browser; other browsers, such as Mozilla Firefox or Opera, do not have native support for VBScript.
VBScript is also often used with Windows Script Host (WSH) to perform local functions on machines running Windows.
A flaw or security loophole that may allow other users, applications or attackers to affect a program or system without the user's authorization or knowledge.
A vulnerability can be a flaw in a program's fundamental design, a bug in its code that allows improper usage of the program, or simply weak security practices that allow attackers to access the program without directly affecting its code.
Fixing a vulnerability requires the program vendor to create a patch – or code to rectify the flaw or loophole – and distribute it to all users in order to protect the system from exploitation.
Unfortunately, there is often a significant time lag between when a patch is released and when it is installed on a vulnerable machine. During that time, the machine is therefore still vulnerable to exploits targeting the vulnerability.
Vulnerabilities & Zero-Day attacks
A publicly announced vulnerability is often targeted by attackers, who attempt to exploit it before the vendor can create and release a patch. This type of attack is known as a Zero-Day attack.
Due to the high likelihood of attackers misusing such information, security researchers often work closely with vendors to produce and release a necessary patch before announcing the news to the general public.