Master boot record infection This is the original method of attack. It works by attacking the master boot record of floppy disks or the hard drive. This was effective in the days when everyone passed around floppy disks.
File infection A slightly newer form of virus that relies on the user to execute the file. Extensions such as .com and .exe are typically used. Some form of social engineering is normally used to get the user to execute the program. Techniques include renaming the program or trying to run an .exe extension and make it appear as a graphic or .bmp.
Macro infection The most modern type of virus began appearing in the 1990s. Macro viruses exploit scripting services installed on your computer. The I Love You virus is a prime example of a macro infector.
Signatures scanning antivirus programs work in a similar fashion as IDS pattern matching systems. Signature scanning antivirus software looks at the beginning and end of executable files for known virus signatures.
Heuristic scanning is another method that antivirus programs use. Software designed for this function examines computer files for irregular or unusual instructions.
Integrity checking can also be used to scan for viruses. Integrity checking works by building a database of checksums or hashed values. These values are saved in a file. Periodically new scans occur, and the results are compared to the stored results.
Activity blockers can also be used by antivirus programs. An activity blocker intercepts a virus when it starts to execute and blocks it from infecting other programs or data. Activity blockers are usually designed to start upon bootup and continue until the computer is shut down.