Kind of viruses


A virus is just a piece of software which can copy itself inside of computers whenever it is executed, and, overall, which contains statements to damage the system where it is runned. There are many kind of viruses:

File's viruses

These viruses infect executable files, like '.exe' or '.com' files, for example. Each executable file, more or less is made up of three parts: an header, a block of data, and a block containing effective statements. The header contains a 'reference' (a 'jump' statement) to the beginning of the block of statements. Viruses change this 'reference' to make it point to the end of file, where harmful statements (virus' body) are attached to, and, however, at the end of the block, there is another reference to the beginning of the original block of statements.

Antivirus programs have a scanning engine to detect these fake references and to detect typical 'identification strings', that's a sequence of each virus' typical statements. To follow up this purpose, they hold a database containg all known virus' strings. Obvious conclusion: to be effective, antiviruses must have very frequently updated database. On the contrary, a very important requisite is missing, and their effectiveness is really weak.

Boot's viruses

Computers' operating systems are composed of programs usually disk resident. Whenever you turn on your computer, it searches for a specific disk area which contains some vital information about the disk itself (MBR Master Boot Record). After reading this area, your computer is able to recognize some disk's features, such as sectors number. Then, it has to read the boot record, an area containing all statements to load the operating system. Operating systems can be loaded either from hard disks or floppy disks. Anyway, your computer read always the first sector of disk, that, in case of hard disk contains the MBR, and, in case of floppy contains the boot record.

The virus acts by moving the blocks of statements needed to start the operating system (boot record) to a different zone of disk. Then it copy itself where there was the original block. The last virus' statement is that will let the real boot record available for system's starting. So, the virus (remember, it's just a program) is launched whenever you start your computer. If you leave a floppy disk inside your turned off PC, when you will turn on it, the machine will detect its presence, and it will attempt to load the operating system from the floppy disk. It will read the first disk sector which, as we know by now, contains the virus.

Companion viruses

On MsDos systems, when two files with the same name are located in the same directory, one with '.com' extension and the other with '.exe' extension, the Dos always will launch '.com' files before than '.exe' files. Companion viruses copy themselves with the same name of infected '.exe' files. But with '.com' extension! So, if you launch 'your-file' executable file (your-file.exe), the Dos will use your-file.com file (a copy of virus).

This kind of viruses are not active on Windows 95 environment, but if you launch it inside of a Dos window, it's really dangerous again!

File system's viruses

This kind of virus changes the system's FAT (File Allocation Table). Inside the FAT there is an index of names and addresses of files. File system's viruses change it to make the system launch the virus before than the original program.

Macro viruses

This is the last virus generation. They use certain programs (such as Word or Excel) features. This programs use a specific language to let users build macros. A macro is just a set of operations (as opening documents or saving them). It's possible to build 'models', that will be associated with documents, in order to let the program (a word processor like Word, for example) execute them on opening of such documents. So, in this case, the virus is just a macro: but containing harmful operations for your system!

Time viruses

I'm talking about these viruses which 'sleep' for a while, inside of infected files, and which wake up whenever special conditions occur, such as special dates (on the first of April, for example) or after a certain number of starting of your system, or simply, after a while.

ANSI viruses

On MsDos systems, you can associate commands with any key of keyboard. Well, there are a few of viruses which use this option. they can associate the 'format c:' command with the 'v' key, or 'del *.exe' command with enter key! These associations are written inside of the config.sys file.

Trojan horses

They aren't really viruses, because they can't produce a copy of themselves, but they are really dangerous. You can't identify them, because they are hidden inside of normal programs. They don't produce effects for a while, and you think that your system is clean. But they come out in an unforeseeable way. Very famous is the 'PKZIP300.EXE' trojan horse, which isn't the new version of PKZIP program (its last release never reached 3.0!). Antiviruses can nothing in these cases. However it isn't so easy to meet a trojan horse. Usually they are so famous that it's pretty difficult to load them inside computers.


Index           Home  Back       About  Contact us!

Copyright (c) 1998-2006 Wowarea