CiscoSite for PetraCom

Understanding Viruses

What is a computer virus?

A computer virus is a piece of malicious code that attaches to important areas within computer systems, such as executable files and the boot areas of floppy disks and hard drives. A virus can destroy data after replicating to other host files or disks. The virus spreads when its host file is executed, and the malicious code is unleashed. The virus can quickly spread into memory as the computer boots from an infected disk.

Once in memory, the virus can infect other executable files or disk boot sectors. Typically, a virus remains dormant until some trigger event occurs, such as a system date. In addition to replication, a computer virus often performs some other function, usually intended to do damage or spread a message.

Viruses are created by people who know how to use and manipulate code. However, you can take various counteractions once Norton AntiVirus detects an infection within your system.

How Viruses spread

File viruses spread through just about any network, modem, or magnetic medium. Most boot viruses can only spread by way of floppy disks. Multi-partite viruses are especially elusive because they can travel as a file virus, infect a boot sector, and be transmitted through floppy disks.

The explosive growth of LAN, Internet, and global email connectivity has dramatically accelerated the rate at which viruses can spread. A localized virus outbreak can spread quickly to another part of a company or the world when infected files are sent through email. The primary threat of infection comes from files that are shared, then opened and used.

Types and characteristics of viruses

There are more than 8,000 known viruses. Many of these viruses have been discovered and analyzed by antivirus vendors, but they have not been encountered in the work or home environment. Though much of what people have heard about viruses is hype, viruses are actually quite common and easily spread. If left unguarded, your network runs a very real risk of data loss or corruption.

Virus types

Although some people want to know what a computer virus is, most people are more curious about the different types of viruses. Viruses are classified by what they infect and how they attempt to evade detection. The four basic virus types are defined according to the area they infect.

Boot viruses

Boot sector viruses are some of the most successful viruses. They're simple to write, and they take control of the computer at a low level.

Boot viruses insert instructions into the boot sectors of floppy disks, or the boot sector or master boot record (partition sector) of a hard drive. When the computer boots from an infected floppy disk, the virus infects the hard drive and loads its code into memory. The floppy disk does not have to be bootable for the virus to spread. The virus remains memory resident and infects any floppy disks that are accessed. Typically the trigger for a boot virus is the system date or time. For example, the Michelangelo virus is a boot virus that deletes the hard drive of its host on March 6 (Michelangelo di Lodovico Buonarroti Simoni's birthday).

A floppy disk or hard drive with an infected boot sector won't infect any files unless the virus is also multi-partite. A true boot virus can't spread to a server or over the network.

File viruses

File viruses attach to executable files by inserting instructions into the execution sequence. When the infected file executes, the inserted instructions execute the virus code. After the code finishes executing, the file continues with its normal execution sequence. This happens so quickly that you're not aware that the virus executed.

There are three subclassifications of file viruses:

  • Memory resident viruses stay in memory as terminate-stay-resident (TSR) programs and typically infect all executed files.

  • Direct action viruses simply execute, infect other files, and unload.

  • A companion virus associates itself with an executable file without modifying it. For example, the virus might create a companion file, WORD.COM, to the WORD.EXE file. When the Microsoft Word program opens, the infected WORD.COM file executes, performs the virus activities, and then executes the WORD.EXE file.
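A defensive check for the companion case described above, as an added example that is not part of the original page: it walks a directory tree and reports any .COM file that shares a base name with an .EXE (or .BAT) in the same directory, relying on the DOS rule that a bare command name is tried as .COM before .EXE before .BAT. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# DOS resolves a bare command name by trying .COM, then .EXE, then .BAT.
PRECEDENCE = [".com", ".exe", ".bat"]


def find_companions(root):
    """Return sorted (shadowing_path, shadowed_path) pairs found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in PRECEDENCE:
                by_stem[stem.lower()][ext.lower()] = os.path.join(dirpath, name)
        for exts in by_stem.values():
            present = [e for e in PRECEDENCE if e in exts]
            # The highest-precedence file runs first and shadows the others.
            for shadowed in present[1:]:
                findings.append((exts[present[0]], exts[shadowed]))
    return sorted(findings)


def demo():
    """Build a constructed directory and return the flagged file-name pairs."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("WORD.EXE", "WORD.COM", "EDIT.COM", "SETUP.EXE"):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(b"constructed sample, not a real program")
        return [(os.path.basename(a), os.path.basename(b))
                for a, b in find_companions(root)]


if __name__ == "__main__":
    for shadowing, shadowed in demo():
        print(f"{shadowing} would run instead of {shadowed}")
```

A reported pair is a lead for review rather than proof of infection, since the check only looks at file names.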

Macro viruses

Macro viruses use an application's programming language to distribute themselves. Unlike other viruses, macro viruses do not infect programs; they infect documents.

The macro virus is triggered when you open a .DOC file with one or more macro viruses written to the NORMAL.DOT template. When you update and save the .DOC file, the macro virus is saved within the NORMAL.DOT template. Therefore, every time you open a .DOC file, the macro virus executes and the .DOC file becomes infected.

Other types of destructive code include worms, Trojan horses, and logic bombs. These types of destructive code are different than viruses because they don't replicate.

Virus characteristics

Many viruses can also be categorized by their characteristics, such as polymorphism or stealth tactics. For example, a boot virus may also be polymorphic.

Polymorphism

A polymorphic virus avoids detection from traditional pattern-scanning software because its code doesn't have a fixed pattern of characters. Usually, the polymorphic virus achieves this by encrypting itself differently each time it runs.
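Why a fixed pattern stops matching, and one way a scanner can compensate, shown as an added example that is not from the original page. It assumes the simplest possible encoding, a single-byte XOR over the whole body, as a stand-in for "encrypting itself differently each time"; the marker string, function names and sample buffers are constructed and harmless.

```python
# Harmless constructed pattern standing in for a scanner signature.
SIGNATURE = b"CONSTRUCTED-TEST-MARKER"


def xor_bytes(data, key):
    """XOR every byte of data with a single-byte key."""
    return bytes(b ^ key for b in data)


def pattern_scan(data):
    """Traditional scan: look for the fixed byte pattern as-is."""
    return SIGNATURE in data


def xray_scan(data):
    """Try all 256 single-byte keys; return the key that exposes the
    signature, or None if no key does."""
    for key in range(256):
        # Encoding the short signature is equivalent to decoding the
        # whole buffer with the same key, and much cheaper.
        if xor_bytes(SIGNATURE, key) in data:
            return key
    return None


def demo():
    """Scan four constructed copies of one body, each under a different key."""
    body = b"header" + SIGNATURE + b"trailer"
    samples = [xor_bytes(body, key) for key in (0x00, 0x21, 0x5A, 0xC3)]
    return [(pattern_scan(s), xray_scan(s)) for s in samples]


if __name__ == "__main__":
    for fixed_hit, key in demo():
        print(f"fixed pattern matched: {fixed_hit}, key recovered: {key:#04x}")
```

Only the unencoded copy matches the fixed pattern, while the key search finds all four; schemes stronger than this assumed single-byte XOR need other techniques.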

Stealth tactics

Stealth viruses travel like boot viruses. However, after they infect new files, they hide their presence and cloak the changes they make to files by hooking interrupts. When a system calls a specific function, the virus executes by forging the results and mimicking the normal function perfectly. For example, you can view a file infected by a stealth virus and see the contents that you expect. Stealth viruses corrupt files by:

  • Forging file sizes and dates.

  • Hiding changes the virus has made to the boot sector.

  • Redirecting most read attempts.

You can disable stealth viruses by booting from a clean floppy disk. This ensures that the virus is no longer in memory.
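Because file sizes and dates can be forged, a verification pass run after booting from clean media should compare file contents rather than metadata. The following added example (not from the original page; file name, function names and the tampering step are constructed) records a baseline and shows a change that leaves size and timestamp identical but alters the content hash.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record size, modification time and SHA-256 of a file."""
    st = os.stat(path)
    with open(path, "rb") as handle:
        digest = hashlib.sha256(handle.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def compare(baseline, current):
    """Return (metadata_changed, content_changed) for two snapshots."""
    meta_changed = ((baseline["size"], baseline["mtime_ns"])
                    != (current["size"], current["mtime_ns"]))
    return meta_changed, baseline["sha256"] != current["sha256"]


def demo():
    """Modify a constructed file so size and date still match the baseline."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "PROGRAM.EXE")
        with open(path, "wb") as handle:
            handle.write(b"A" * 512)  # constructed stand-in for a program
        baseline = snapshot(path)
        # Constructed change: overwrite 16 bytes in place (same length),
        # then put the recorded timestamp back.
        with open(path, "r+b") as handle:
            handle.seek(100)
            handle.write(b"B" * 16)
        os.utime(path, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))
        return compare(baseline, snapshot(path))


if __name__ == "__main__":
    meta_changed, content_changed = demo()
    print(f"size/date changed: {meta_changed}, content changed: {content_changed}")
```

The hash is only trustworthy when computed with the virus out of memory, which is why the comparison belongs after the clean boot the page describes.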

From the Norton Anti Virus

   

©2000 PetraCom
