There are several different classes of Virus. I have listed them below with examples in some cases.
 

Boot viruses

infect the boot block on a floppy or hard disk. Typical examples are STONED and MICHAELANGELO. These usually replace the boot block with all or part of a virus program which stashes itself in memory and moves the boot block on the disk to another location. Often the damage is done because the boot block is moved blindly to another disk location, over-writing what ever is resident there. There may be other "interesting" effects triggered by specific events, such as Ping Pongs timer.

File Viruses

infect ordinary *.EXE or *.COM files. Usually they just append the virus code to the file; but recent versions have
gotten trickier, and hide their additions. Friday the 13th loads into memory on execution of the infected file, and if
the date matches Friday the 13th, deletes *.exe files - often itself included!

Multipartite Viruses

infect both systemic areas such as boot blocks and executable files. These are opportunistic infectors, finding the
available files at random.

Systemic Viruses

focus on the system files necessary for DOS. These are files which control the allocation of system resources, such
as directories, and files. In some cases a much more basic level of attack against CMOS structures is attempted.

Polymorphic Viruses

combine a range of strategies to attack the integrity of the operating system.

Stealth viruses

try to conceal there presence. This may be as simple as modifying the file structure to conceal the additional code
added to a file. It may go so far as making sure that when added to machine code in the *.COM file that the CRC is
not changed (a technically very tricky bit of work).

Meta Viruses

Viruses that execute their nastywork in the very helpful meta languages embedded in powerful modern programs
like MS Word.

Trojan Horses

are crude, front door attacks. They rely on simple naiveté (which I have fallen for many times). The level ot the
threat can be very potent, however, because they do not require any backdoor - you gave them the key!

FAQ Section:

1. What is a virus?

A virus is a computer program designed to disrupt normal operations in a computer. The idea is that the virus seizes control of your computer making it difficult for you to do anything.
2. What can a virus do?

Lots of things. Some do no file damage, some do moderate damage, some crash your hard drive altogether making it difficult for you to even start your computer. The last thing you want to let happen is leave a virus in your computer long enough to detonate. If this happens, you risk loosing every file in your system.
3. Where do viruses come from?

Viruses are created by hackers who have nothing better to do than think of ways of hurting other people. Virus programming is just high tech vandalism.
4. What are the chances of a virus infection in my computer?

Depends on how you use your computer. If you download from bulletin boards & the internet on a daily basis without scanning these files for viruses, you chances of a virus infection are very good. If you are in the habit of using other disks not scanned for viruses, you chances are even better of getting nailed. However, if you never buy new software programs, use disks from other people or download from bulletin boards or the internet, you chances of getting a virus are close to zero.
5. Do viruses automatically do their damage after they infect a computer?

Definitely not!! Viruses are like time bombs. There is usually a certain amount of time between when they land in a computer's hard drive and when they detonate. Successful viruses will spend days, weeks or even months sitting in your computer infecting every executable file and disk you use in your computer. The idea is that the virus spreads to your friends computer before it trashes yours. Obviously, if your computer is disabled, the virus cant spread anywhere anymore. Well designed viruses use all kinds of tricks to elude detection by a well trained computer user or by antivirus programs.
6. How do viruses spread? How can you detect an incoming virus?

I'll give you one example. A few months ago, I received a disk from someone working in an oil company downtown. I was asked to look at some Excel spreadsheet files on this disk. I inserted the disk in my floppy dive. Since I had never seen this disk before, I was wise to instruct my antivirus program to scan its contents for viruses.
BOOM! My antivirus program turned my screen red with stiff warnings there was indeed a virus on this disk.
There are two ways this disk could have been infected. (1) The files on the disk had a virus or (2) the boot sector on the disk had a virus hidden in it. Excel spreadsheet files (.XLS) are not "executable" files but they can be infected by "Macro" viruses. As it turned out, my antivirus program told me the boot sector on this disk had a virus on it.

I printed out the warning and gave it to the person who gave me the disk. I told this person that their computer(s) at their office were infected with a virus. "That's not possible. Our computers are working fine" I was told. However, the next day they virus scanned their computers only to find out they WERE infected with the very same virus I detected on the disk they gave me. They were shocked!
Afterwards, they ran their antivirus program and removed the virus from their computer(s)...I hope.

By the way, the disk they gave me, I just reformatted erasing everything, including the virus. I could have had my antivirus program "clean" the disk but I didn't bother because I didn't want to mess with it.

7. Regarding the above story: Why didn't the other computers, which were being used as a host by the virus, show any signs of being infected before they were scanned for viruses?

Ah, yes. Here's where it gets interesting. Obviously the virus was still in the infection stage in their computer when they gave me the infected disk. Naturally, if these guys knew their computers were infected with a virus, they wouldn't have given me the disk in the first place. However, this is how viruses spread. A virus will try to hide its presence for some time while infecting every disk and/or every executable file in the host computer in hopes that the unsuspecting user will share these with someone else, thus also sharing the virus. After an elapsed period of time, the virus detonates on the host computer thus often disabling it.
Obviously, a virus cant spread from a dead computer. However, that's no problem because it already spread to several other computers earlier on when everything seemed to be working fine. And once the virus spreads to other computers, they in turn become hosts spreading the virus further on like a filthy chain letter.
8. Do all viruses crash computers and/or destroy files?

Not all but enough do that you don't want to risk it. Or do you? I don't!
Keep in mind one VERY VERY important item: viruses are not tested for quality control like useful software programs. A virus program may do unintentional file damage which even the virus programmer didn't intended. Virus programmers do not usually test their little creations making sure they compatible with other software and operating systems. There are a lot of viruses out there with bugs in their code. It is far easier to create a computer program that does not work than one that does.
If any loud mouth rattles to you about "harmless viruses", ask them if the virus in question has been tested for system compatibility and quality control?
9. Are viruses easy to remove?

Some Yes, some No. There are some very good antivirus programs out there. However, there are also some determined virus programmers as well who refuse to concede defeat. The virus/antivirus thing is like a cat-and-mouse-game with each side constantly trying to stay ahead of the other. Up to 4 new viruses are created every day around the world. Antivirus programs must be kept up-to-date to detect these new viruses.
10. Can antivirus programs always restore a computer to its normal condition?
11. NO, they cant! Antivirus programs cant restore files which have been destroyed by a "file-overwriting" virus. In these cases, the infected files have been corrupted beyond repair. Try gluing a glass window together after it has been smashed by a rock, it you catch my drift. In many cases, it is necessary to reload damaged files from you backup disks. Often, computer users are in the unfortunate position of reloading all their DOS and WINDOWS files as if they just bought a new computer with nothing on it.
 
    To the Top  

Virus Glossary

Back Door:

An entry to a program, or system created by its designer to allow special access; often without proper security checks. A classic back door was used by a teen-age hacker in the movie "War Games".

 

Bacterium:

A program which spreads to other users or systems by copying itself as a by product of execution. It doesn't infect other programs, but acts independently.

Bogus Programs:

Programs which do not do what they have been advertised to do. A example is XTRATANK, which claims to double your hard drive space. It merely diddles the file allocation to double the reported size of the disk.

 

Boot Sector Virus:

A virus secreted in the boot sector or replacing the boot sector on a floppy disk. Also a virus on the master boot block of a hard disk, or in the partition table of a hard disk. N.B. even non-systems floppy disks still have a boot sector; they just lack the boot program on that block ! Examples are Stoned and Michaelangelo viruses.

 

Bug:

An error in the design or implementation of a program, that causes the program to do something unintended. Remember even viruses have bugs. The original "bug" was a moth stuck in a relay of ENIAC.

 

Checksum:

A number that uniquely defines a file, block or other bit of computer code. A checksum is calculated by applying an algorithm to each byte of the code and rotating it, logically ANDing or ORing it to some standard, or otherwise encoding it. The result is a single number which is a numeric finger-print.

 See cyclic redundancy check (CRC).

 

Cracks:

Programs with the anti-copying protection removed, disabled or by-passed. Both hard-ware and software anti-pirating techniques can be broken with the appropriate knowledge and software.

 

Cyclic Redundancy Check (CRC) :

A unique numeric finger-print of a file, block or other bit of computer code. This is usually calculated using a look-up table. It is common in error checking protocols. See checksum.

 

Device Bomb:

A program which executes based on the presence of a particular device, such as a com port, hard-drive D:, etc., usually with malicious actions.

 

Droppers:

Programs which have a legitimate use, but contain viruses which are secretly planted in system. Droppers may actually be commercial software hacked to drop viruses.

 

FAT:

File Allocation Tables. These areas of the formatted floppy or hard disk contain information used by the system to locate and maintain the file structure.

File Viruses :

These viruses infect files with *.COM or *.EXE extensions. Friday the 13th is an example. Also included in this category are viruses which use the "corresponding files" technique. These viruses search for directories with files with .EXE extensions and then creates a file of the same name with a .COM extension. Since DOS executes files with the *.COM extension before those with the .EXE extension, the virus is executed and then passes control to the .EXE file.

Hacks:

Software which has been illegally modified by a system expert. See cracks, pirates, droppers, etc.. This may be as simple as modifying parts of the code with a debugger; to patching the system to snatch interrupts.

Hoaxes:

Programs which claim to do the impossible; and don't. An example is a file 2496 which claims to provide instructions on running a 2400 bps modem at 9600 or even 14400 bps. If you follow the instructions, you get a modem which runs at 0 bps.

 

Immunization:

An anti-virus strategy to prevent virus infection. This may involve putting a virus signature into software to be immunized in hopes of fooling a virus into believing the code is already infected. It may also involve creating checksums for each file which can be compared during later anti-virus examinations to guard against virus infection.

Interrupt :

A hardware or software signal which indicates to the operating system some event such as a keystroke has happened. It is typically taken care of by an interrupt handler which services the event.

 

Jokes:

Programs which do something intended to be amusing, without causing serious harm, or replicating. BUGS, which cause little bugs to run across the screen when executed is an example.

 

Logic bomb:

A program which executes on the occurrence, or lack of occurrence of a set of system conditions. Classic examples are programs which cease functioning if the programmer's name is removed from the company's payroll list.

 

Multi-partite Viruses:

These viruses infect both boot sectors and files. Tequila is an example.

Pirates:

Any illegally obtained software. Also software which has had the copy-right notices, or other identification altered or removed.

 

Polymorphic Viruses:

These viruses change their characteristics as they replicate. Many of these utilize the Bulgarian Dark Avenger's mutating engine. The Whale virus is an example.

 

Rabbit :

A program designed to exhaust a system resource (e.g. CPU time, disk space, terminal I/O, etc.) by replicating itself without limit. It differs from a bacterium in that it is specifically targeted at a system resource; and from a virus in that it is a self contained program.

Rogue Program:

A program that is no longer under the control of its owner, the system or its executing terminal; a.k.a. zombie. A virus is the ultimate rogue program!

 

Stealth Viruses:

These viruses conceal the results of infection; keeping file length unchanged for example, or modifying the file in such a way that the checksum is not changed. They may simply alter the system so that the file length is reported unchanged although it is actually increased. Hundred years is an example.

 

Systemic Viruses:

These viruses infect parts of the system other than the boot block. The file allocation table (FAT), device tables, directories, device drivers and COMMAND.COM are typical targets. Number of the Beast is an example.

Time Bomb:

A logic bomb activated after a certain amount of time, or on a certain date. The classic example is a program that ceases functioning on a given date, as a control for leasing it. Such a program is often re-activated by an appropriate password

Trojan Horse Programs:

A program which has a hidden aspect which causes malicious damage. The classic is AIDS, which purports to be an AIDS data base, but actually destroys the hard disk when executed. False logon screens which snatch the users logon ID and password are another example.

 

Virus (pl. viruses):

a program that can "infect" other software by modifying them to include a copy of itself. A program need not cause malicious damage to be a virus; the act of "infecting" other programs is central to the definition.

 

Worm:

A program that spreads copies of itself through-out a network. The first use of the term was applied to a program that copied itself benignly around a network, to use otherwise unused resources for distributed computation. A worm becomes a a security problem when it spreads against the wishes of the system owners, and disrupts the network by overloading it.  To the Top

---


 

This page is designed and written by John Jenkins. If there are any questions or other issues about the content, email me, and I will deal with it in a timely manner. If specific help is requested an email address with an lctn.com or ecsis.net domain is required. All others will be deleted. As with all programs on the internet, you, the downloader, assumes all risk of file damage or viruses that these or any programs may contain that are received over the internet. Neither CSS, ECS, nor the author will be responsible for any damage done by any program received over the internet. Please note this includes programs that are virus free but may cause problems with other programs on your computer and programs that simply won't run right on a particular machine.