Multipartite virus

From HandWiki
Revision as of 10:47, 26 February 2022 by imported>JTerm (simplify)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

A multipartite virus is a computer virus that infects and spreads in multiple ways. The term was coined to describe the first viruses that included DOS executable files and PC BIOS boot sector virus code, where both parts are viral themselves. Prior to the discovery of the first of these, viruses were categorized as either file infectors or boot infectors. Because of the multiple vectors for the spread of infection, these viruses could spread faster than a boot or file infector alone. [1] [2]

Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.

Symptoms

Multipartite viruses tend to work fast and some of the infections are subtle and are unnoticed. The following symptoms, may indicate an infection from a multipartite virus:

  • Drive controllers will no longer be present in Device Manager[3]
  • Constant notification about virtual memory being low[3]
  • Screen content will appear as if it is melting[3]
  • Applications and files sizes continually change[3]
  • Hard drive reformats itself[3]
  • Word processing document extensions modified from DOC to DOT[3]
  • Program may or may not execute, and will experience much longer loading times[3]

Infection strategies

File infectors viruses are made to infect files of on the computer. File infectors spread once the user runs the infected file. The virus copies itself to locations on the computer where it can be executed; usually in RAM. The file infector will continue to infect files while granting the virus access to the infect files. [4]

Similarly, Boot infectors spread during the boot up of a computer. Boot infectors target the critical section on the hard drive or on floppy disks in order to gain access to the computer. This enables the virus to be able to obtain complete control and/or extract any important information from your computer. [5]

Multipartite viruses increase their chances of spreading within the computer by combining features from both the file infector and the boot infector. These viruses have the ability to infect both files and boot sectors. Because of this, the chance of the virus spreading is increased, but the virus also becomes more vulnerable to detection due to the increased number of locations the virus can be found by an antivirus software. [6]

Security measures

The multipartite viruses are often tricky and hard to eliminate. When all infected files have been cleaned, but the virus remains in the boot sector, files on the system will be infected again. Similarly, if the boot sectors were disinfected, but the files were still infected, then the boot sector will be re-infected. The process will continually be repeated if the virus is not removed completely from the host system.[3]

Because of its infectious nature, it is suggested by security experts that the best defense against this virus is to prevent an infection. The following steps are suggested to prevent a virus infection:

  • Install trusted quality antivirus software[3]
  • Maintain updated virus definitions in the antivirus software[3]
  • Never open attachments from unsolicited messages[3]
  • Take caution when visiting/downloading from a website that may or may not be trusted[3]

See also

  • Timeline of notable computer viruses and worms

References