
FILE VIRUSES

* INFECT ALL KINDS OF DOS EXECUTABLES: BATCH COMMAND FILES, LOADABLE DRIVERS (IO.SYS, MSDOS.SYS) AND BINARY EXECUTABLES (.EXE, .COM)
* ALSO INFECT EXECUTABLES OF OTHER OSES LIKE WIN95/NT, LINUX ETC.
* VIRUSES SOMETIMES INFECT PROGRAM SOURCE CODE, LIBRARIES OR OBJECT MODULES

FILE VIRUSES MAY OR MAY NOT LEAVE THE CONTENT OF THE PROGRAM UNCHANGED, BUT THEY ATTACH TO THE HOST IN SUCH A WAY THAT THE VIRUS CODE IS RUN FIRST. A FILE VIRUS MAY BE 1) DIRECT ACTION OR 2) RESIDENT

ACCORDING TO THE METHOD OF INFECTING FILES, FILE VIRUSES MAY BE:

* OVERWRITING VIRUSES
* PARASITIC VIRUSES
* COMPANION VIRUSES
* FILE WORMS
* LINK VIRUSES
* OBJ, LIB VIRUSES AND SOURCE CODE VIRUSES

OVERWRITING VIRUS
* THE VIRUS OVERWRITES THE CONTENTS OF THE TARGET EXECUTABLE WITH ITS OWN CODE, DESTROYING THE ORIGINAL.
* THE EXECUTABLE STOPS WORKING AND CANNOT BE RESTORED.
* SUCH VIRUSES UNCOVER THEMSELVES VERY QUICKLY. THIS TYPE OF VIRUS IS RARELY FOUND.

PARASITIC VIRUSES
FILE VIRUSES WHICH HAVE TO CHANGE THE CONTENT OF TARGET FILES WHILE TRANSFERRING COPIES OF THEMSELVES. A PARASITIC VIRUS MAY BE 1> PREPENDING 2> APPENDING 3> INSERTING

PREPENDING VIRUS
(SAVING THEMSELVES AT THE TOP OF FILE)

+--------+--------------------------+
| FILE   |                          |
+--------+--------------------------+

+- - - - +----------------------+-----+
| FREE   | FILE                 |     |
+- - - - +----------------------+-----+

+--------+----------------------+- - -+
| VIRUS  | FILE                 |     |
+--------+----------------------+- - -+

APPENDING VIRUS
(SAVING THEMSELVES AT THE END OF FILE)

DOS SYS FILES


NOT INFECTED SYS FILE

+--------+----------------------+
| HEADER | DRIVER CODE AND DATA |
+--------+----------------------+


INFECTED SYS FILE

+--------+----------------------+-------+
| HEADER | DRIVER CODE AND DATA | VIRUS |
+--------+----------------------+-------+

+--------+----------------------+-------+--------+
| HEADER | DRIVER CODE AND DATA | VIRUS | HEADER |
+--------+----------------------+-------+--------+

APPENDING VIRUS CAN BE VERY DANGEROUS AND VERY HARD TO KILL BECAUSE IT IS LOADED INTO RAM UPON DOS BOOT EARLIER THAN ANY ANTIVIRUS PROGRAM

INSERTING VIRUS

MOVES A FRAGMENT OF THE FILE TO ITS END, OR SPREADS THE FILE, AND WRITES ITS OWN CODE INTO THE FREED SPACE

THE VIRUS CAN BE COPIED TO THE UNUSED PARTS OF THE ADDRESS RELOCATION TABLE OF A DOS EXE FILE, TO THE HEADER AREA OF AN EXE FILE, TO THE STACK AREA OF COMMAND.COM, OR TO THE CHARACTER STRING AREA OF COMPILERS

COMPANION VIRUSES (EXAMPLE OF CLONING)


UTILIZE THE DOS FEATURE OF RUNNING .COM FILES RATHER THAN .EXE FILES: COM-EXE OPTION & BAT-COM-EXE OPTION

SOME VIRUSES RENAME THE TARGET FILE


XCPY.EXD XCOPY.EXE XCOPY.EXD (VIRUS)

XCOPY.EXE (TARGET)

SOME VIRUSES USE A PATH COMPANION
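
A DEFENDER'S CHECK FOR THE COMPANION AND PATH-COMPANION CASES ABOVE, ADDED HERE AS AN EXAMPLE (NOT PART OF THE ORIGINAL SLIDES): IT LISTS COMMAND NAMES FOR WHICH DOS FINDS ONE FILE BEFORE ANOTHER OF THE SAME NAME. THE FUNCTION NAMES AND THE SAMPLE LISTINGS ARE CONSTRUCTED; THE COM, EXE, BAT ORDER IS THE STANDARD COMMAND.COM SEARCH ORDER.

```python
# Added example: constructed listings, hypothetical function names.
# A hit is a lead for triage, not proof of infection.

# COMMAND.COM tries these extensions, in this order, in each directory.
EXT_PRIORITY = ("COM", "EXE", "BAT")


def resolution_order(search_dirs):
    """Yield (stem, path) in the order DOS would try candidates.

    search_dirs is an ordered list of (directory, [file names]); the caller
    puts the current directory first, then the PATH entries in order.
    """
    for directory, names in search_dirs:
        by_ext = {ext: [] for ext in EXT_PRIORITY}
        for name in names:
            stem, dot, ext = name.upper().rpartition(".")
            if dot and stem and ext in by_ext:
                by_ext[ext].append((stem, directory + "\\" + name.upper()))
        for ext in EXT_PRIORITY:
            yield from sorted(by_ext[ext])


def find_shadowed(search_dirs):
    """Map each command name with several candidates to [winner, shadowed...]."""
    candidates = {}
    for stem, path in resolution_order(search_dirs):
        candidates.setdefault(stem, []).append(path)
    return {stem: paths for stem, paths in candidates.items() if len(paths) > 1}


# Constructed sample: a same-directory COM/EXE pair and a name repeated
# in a directory that is searched earlier.
SAMPLE = [
    ("C:\\WORK", ["REPORT.TXT", "CHKDSK.EXE"]),
    ("C:\\DOS", ["XCOPY.EXE", "XCOPY.COM", "CHKDSK.EXE", "EDIT.COM"]),
]

if __name__ == "__main__":
    for stem, (winner, *shadowed) in find_shadowed(SAMPLE).items():
        print(f"{stem}: DOS runs {winner}; shadowed: {', '.join(shadowed)}")
```

THE FIRST PATH IN EACH RESULT IS THE FILE THAT RUNS WHEN THE NAME IS TYPED WITHOUT AN EXTENSION; THE REST ARE THE FILES IT HIDES.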

FILE WORMS
(MODIFICATION OF COMPANION VIRUSES)

COPY THEIR CODE TO SOMEWHERE ON DISK OR IN DIRECTORIES AND WAIT FOR EXECUTION BY USERS. THEY GIVE THEMSELVES SPECIAL NAMES LIKE INSTALL.EXE, WINSTART.EXE

THE FIRST ONE USES ONLY THE OS; THE SECOND ONE MULTIPLIES WITH THE HELP OF NETWORKING PROTOCOLS, SO WORMS

LINK VIRUSES
(AS CATALYST) DIR_II FAMILY

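[FIGURE, TWO PANELS: DIRECTORY STRUCTURE AND DISK]
PANEL 1: DIRECTORY STRUCTURE: NAME 1, NAME2 ... NAME N; DISK: FILE 1, FILE 2 ... FILE N
PANEL 2: DIRECTORY STRUCTURE: NAME 1, NAME2 ... NAME N; DISK: FILE 1, FILE 2 ... FILE N, VIRUS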

[FLOWCHART; BOXES AS THEY APPEAR]
* START (CONTROL RECEIVED)
* RESIDENT VIRUS? (YES / NO)
* IF COPY OF VIRUS IS IN RAM (RESIDENT VIRUS) (YES / NO)
* SEARCH FOR UNINFECTED FILE & START INFECTION
* SEND A COPY TO RAM AND INFECT RAM
* CONTINUE INFECTION
* EXECUTE ADDITIONAL FUNCTION LIKE GRAPHICAL, SOUND EXECUTION, BOOT
* CONTINUE
