INFECTING ALL KINDS OF DOS EXECUTABLES: BATCH COMMAND FILES, LOADABLE DRIVERS (IO.SYS, MSDOS.SYS) AND BINARY EXECUTABLES (.EXE, .COM). ALSO INFECTS EXECUTABLES OF OTHER OS LIKE WIN95/NT, LINUX ETC. VIRUSES SOMETIMES INFECT PROGRAM SOURCE CODE, LIBRARIES OR OBJECT MODULES.
FILE VIRUSES MAY OR MAY NOT LEAVE THE CONTENT OF THE PROGRAM UNCHANGED, BUT ATTACH TO THE HOST IN SUCH A WAY THAT THE VIRUS CODE IS RUN FIRST. IT MAY BE 1) DIRECT ACTION OR 2) RESIDENT
* OVERWRITING VIRUSES
* PARASITIC VIRUSES
* COMPANION VIRUSES
* FILE WORMS
* LINK VIRUSES
* OBJ, LIB VIRUSES AND SOURCE CODE VIRUSES
OVERWRITING VIRUS
* VIRUS OVERWRITES THE CONTENTS OF TARGET EXECUTABLE WITH ITS OWN CODE, DESTROYING THE ORIGINAL.
* EXECUTABLE STOPS WORKING AND CANNOT BE RESTORED.
* VIRUSES UNCOVER THEMSELVES VERY QUICKLY. THIS TYPE OF VIRUS IS RARELY FOUND.
PARASITIC VIRUSES
FILE VIRUSES WHICH HAVE TO CHANGE THE CONTENT OF TARGET FILES WHILE TRANSFERRING COPIES OF THEMSELVES. THIS VIRUS MAY BE 1) PREPENDING 2) APPENDING 3) INSERTING
PREPENDING VIRUS
(SAVING THEMSELVES AT THE TOP OF FILE)
[DIAGRAM: FILE LAYOUT]
APPENDING VIRUS
(SAVING THEMSELVES AT THE END OF FILE)
DANGEROUS AND VERY HARD TO KILL BECAUSE IT IS LOADED INTO RAM UPON DOS BOOT EARLIER THAN ANY ANTIVIRUS PROGRAM
INSERTING VIRUS
MOVES A FRAGMENT OF FILE TO ITS END OR SPREADS AND WRITES ITS OWN CODE INTO THE FREED SPACE
THE VIRUS CAN BE COPIED TO THE UNUSED PARTS OF THE ADDRESS RELOCATION TABLE OF A DOS EXE FILE OR TO THE HEADER AREA OF AN EXE FILE, TO THE STACK AREA OF COMMAND.COM, OR TO THE CHARACTER STRING AREA OF COMPILERS
UTILIZING THE DOS FEATURE OF RUNNING .COM FILES RATHER THAN .EXE: COM-EXE OPTION & BAT-COM-EXE OPTION
XCOPY.EXE (TARGET)
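A detection check for the COM-EXE and BAT-COM-EXE options above, added here as an example that is not part of the original slides. It flags files in the same directory that share a base name, using the DOS resolution order .COM, .EXE, .BAT for commands typed without an extension; the function name and the sample listing are assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

# DOS resolves a command typed without an extension in this order.
PRECEDENCE = [".COM", ".EXE", ".BAT"]

def find_shadowing(paths):
    """Return (winner, shadowed) pairs: files in one directory sharing a base
    name, where `winner` runs in place of `shadowed` when no extension is typed."""
    groups = defaultdict(dict)
    for p in paths:
        directory, name = ntpath.split(p)
        stem, ext = ntpath.splitext(name)
        ext = ext.upper()
        if ext in PRECEDENCE:
            # DOS names are case-insensitive, so normalise the grouping key.
            groups[(directory.upper(), stem.upper())][ext] = p
    findings = []
    for key in sorted(groups):
        found = groups[key]
        present = [e for e in PRECEDENCE if e in found]
        # The first extension present wins; every later one is shadowed by it.
        for ext in present[1:]:
            findings.append((found[present[0]], found[ext]))
    return findings

# Constructed sample listing (hypothetical paths; only the XCOPY.EXE name
# comes from the slides).
SAMPLE = [
    r"C:\DOS\XCOPY.EXE",
    r"C:\DOS\xcopy.com",
    r"C:\DOS\FORMAT.COM",
    r"C:\UTIL\SETUP.BAT",
    r"C:\UTIL\SETUP.EXE",
    r"C:\UTIL\XCOPY.COM",
]

if __name__ == "__main__":
    for winner, shadowed in find_shadowing(SAMPLE):
        print(f"{winner} runs in place of {shadowed}")
```

Each pair is a candidate for review, not a verdict: legitimate software sometimes ships same-named files, so compare the winner against a known-good copy before acting.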
FILE WORMS
(MODIFICATION OF COMPANION VIRUSES)
COPY THEIR CODE TO SOMEWHERE ON DISK OR IN DIRECTORIES AND WAIT FOR EXECUTION BY USERS. GIVE THEMSELVES SPECIAL NAMES LIKE INSTALL.EXE, WINSTART.EXE
THE FIRST ONE USES ONLY THE OS, THE SECOND ONE MULTIPLIES WITH THE HELP OF NETWORKING PROTOCOLS, SO WORMS
LINK VIRUSES
(AS CATALYST) DIR_II FAMILY
[DIAGRAM: DIRECTORY STRUCTURE (NAME 1, NAME 2, ... NAME N) AND DISK (FILE 1, FILE 2, ... FILE N); SECOND PANEL: NAME 1, NAME 2, ... NAME N, VIRUS]
[FLOWCHART: RESIDENT VIRUS? (YES/NO); SEND A COPY TO RAM AND INFECT RAM; CONTINUE INFECTION; CONTINUE]