Computer Viruses: The Nasty Truth
Non-Memory Resident and Memory Resident Viruses:
Non-Memory resident viruses, when they are executed, immediately look for other hosts that can be infected. When they infect these targets, they transfer control to the application program they infected. A non-resident virus has a finder module and a replication module. The finder module, once it finds a new file to infect, calls upon the replication module to infect that file.
Memory-Resident virus stays in the memory and do not look for hosts to infect when they are executed. It stays active in the background after its host program is terminated, and infects files as soon as they are opened or accessed by other programs or the operating system. It does have the replication module like the non-memory resident virus, but without the finder module.
Types of Computer Viruses:
File Viruses: These types of viruses are the most common, and mostly infect open files and program libraries on an operating system. The virus functions by inserting itself into a host file, modifies it in such a way that the virus is executed when the file is opened. They are also known as left viruses. Today, there are known viruses infecting all kinds of executables of standard DOS: batch command files (BAT), loadable drivers (SYS, including special purpose files IO.SYS and MS- DOS.SYS) and binary executables (EXE, COM). There are also viruses targeting executables of other operating systems - Windows 3.x, Windows95/NT, OS/2, Macintosh, Unix, including the VxD drivers of Windows 3.x and Windows95.
Macro viruses: Macros are used in most word processing programs such as Microsoft Office in order to automate or simplify recurring tasks in documents. Macro viruses are those viruses that use the application's own macro programming language to distribute themselves, in which an unwanted sequence of actions is performed automatically when the application is started or something else triggers it. These macro viruses may inflict damage to the document or to other computer software but are relatively harmless, and are often spread as an e-mail virus.
Boot Viruses: These were one of the most common viruses prevalent during the early and mid 1990s, when the use of diskettes was popular. These viruses infect or substitute their own code for either the DOS boot sector or the Master Boot Record (MBR), which controls the boot sequence of the PC. The MBR is executed every time a computer is booted so the virus will also be loaded into memory on every startup and spreads to every disk that the system reads. They are typically very difficult to remove, and most antivirus programs cannot clean the MBR while Windows is running. So, bootable antivirus disks are needed to fix boot sector viruses.
Script viruses: They are a division of file viruses, written in a variety of script languages such as VBS, JavaScript, BAT, PHP, HTML etc. They can form a part of multi-component viruses or infect other scripts such as Windows or Linux command and service files. If the file format, such as HTML, allows the execution of scripts, they can infect it.
No comments:
Post a Comment