Varieties of computer viruses
Let's take a closer look at the main varieties of computer viruses in Windows-like operating systems. The fundamental ideas underlying viruses are not very many (several dozen). Among the variety of computer viruses, the following groups should be distinguished:
boot viruses infect the computer's boot program, stored in the boot sector of the hard drive, and run when the computer boots;
file viruses in the simplest case infect executable files, but they can also spread through files and may not even modify files at all, having only some relation to them;
boot-file viruses have features of both boot and file viruses;
driver viruses infect the computer's device drivers or launch themselves by including an additional line in the configuration file.
Among the varieties of computer viruses, network viruses also deserve mention: they spread across networks that connect many tens and hundreds of thousands of computers.
Consider how boot viruses operate. Each hard drive has service sectors used by the operating system for its own needs, including the boot sector. In addition to information about the hard drive (the number of tracks, the number of sectors, etc.), the boot sector contains a small program for starting the computer. Winchester-type magnetic disks are divided into several logical partitions. Startup programs are present both in the MBR (Master Boot Record) and in the boot partition of the hard drive. The bootloader program in the MBR, however, uses the so-called partition table, which records the position of the boot partition on the disk, to pass control to the boot program of the boot partition. A virus can corrupt the partition table information and thus transfer control to its own code written to the disk, without formally changing the boot program.
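Because the partition-table redirection described above leaves the boot program itself untouched, an integrity check has to cover the table as well as the boot code. The following is an added example (Python, not part of the original text) that parses the four MBR partition entries, applies basic sanity checks and compares the sector with a saved baseline. The function names, the expectation of exactly one active partition on a bootable BIOS/MBR disk, and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

ENTRY = struct.Struct("<B3xB3xII")  # status, CHS (skipped), type, CHS (skipped), start LBA, sector count

def parse_mbr(sector):
    """Return (sha256 of the boot code area, list of non-empty partition entries)."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: bad length or missing 55 AA signature")
    parts = []
    for slot in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, 446 + 16 * slot)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"slot": slot, "status": status, "type": ptype, "lba": lba, "count": count})
    return hashlib.sha256(sector[:446]).hexdigest(), parts

def make_baseline(sector):
    code_hash, parts = parse_mbr(sector)
    return {"code_hash": code_hash, "parts": parts}

def check_mbr(sector, disk_sectors, baseline=None):
    """Return a list of findings; empty means nothing anomalous was seen."""
    code_hash, parts = parse_mbr(sector)
    findings = []
    if baseline and code_hash != baseline["code_hash"]:
        findings.append("boot code differs from baseline")
    if baseline and parts != baseline["parts"]:
        findings.append("partition table differs from baseline")
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:  # assumption: a bootable BIOS/MBR disk has exactly one
        findings.append(f"{len(active)} active partitions, expected 1")
    for p in parts:
        if p["lba"] == 0 or p["lba"] + p["count"] > disk_sectors:
            findings.append(f"slot {p['slot']}: extent outside disk")
    ordered = sorted(parts, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["count"] > b["lba"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings

def build_sample(entries):
    """Constructed 512-byte sector: filler boot code plus (status, type, lba, count) entries."""
    table = b"".join(ENTRY.pack(*e) for e in entries)
    return b"\xfa" * 446 + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed samples: identical boot code, but the active entry's start LBA differs.
CLEAN = build_sample([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)])
TAMPERED = build_sample([(0x80, 0x07, 1500000, 204800), (0x00, 0x07, 206848, 1000000)])
```

On the tampered sample the geometric checks all pass and only the baseline comparison reports a change, which is why a known-good copy of the sector is worth keeping.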
Now consider how file viruses operate. A file virus is not necessarily resident; it can, for example, embed itself in the code of an executable file. When the infected file is launched, the virus gets control, performs some actions, and returns control to the code into which it was embedded. The actions performed by the virus include finding a suitable file to infect, embedding itself in that file in such a way as to get control when the file starts, and producing some effect, for example sound or graphics. If the file virus is resident, it installs itself in memory and gains the ability to infect files and manifest itself independently of the originally infected file.
When it infects a file, a virus always changes the file's code, but it does not always make other changes. In particular, the beginning of the file and its length (which used to be a sign of infection) may not change. For example, some versions of computer viruses can distort the information about files stored in the service area of magnetic disks, the file allocation table (FAT), and thus make it impossible to work with the files.
Boot-file computer viruses use the principles of both boot and file viruses, and are the most dangerous.
