COMPUTE!'s computer viruses.pdf - adamas.ai
COMPUTE!'s computer viruses.pdf - adamas.ai
COMPUTE!'s computer viruses.pdf - adamas.ai
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
How Viruses Work<br />
Boot infectors can be benign or malignant. The Pakistani<br />
Br<strong>ai</strong>n virus (described in the previous chapter), for example,<br />
was cl<strong>ai</strong>med to be a benign boot infector virus in its original<br />
form. The company in Lahore, Pakistan supposedly wrote it<br />
merely as a way to keep track of their software.<br />
Programmers refer to code that is extremely efficient for a<br />
particular task as elegant. The Br<strong>ai</strong>n virus program is elegant at<br />
doing its task of infection, and is also easy to modify into a<br />
very malignant form.<br />
Whether it was originally meant to be this or not, the virus<br />
is now a nasty little monster that can infect hard disks and destroy<br />
FAT entries, delete files, and perform other destructive<br />
activities.<br />
Boot infectors can do the following:<br />
• Move or overwrite the original boot sector<br />
• Replace the boot sector with themselves<br />
• Create bad sectors cont<strong>ai</strong>ning virus rem<strong>ai</strong>nder<br />
• Infect through soft reboot (Ctrl-Alt-Del) or other functions.<br />
System Infectors<br />
Several kinds of <strong>viruses</strong>, ag<strong>ai</strong>n as described in InterPath<strong>'s</strong><br />
informational file, attach themselves to COMMAND. COM<br />
and other system files that rem<strong>ai</strong>n memory resident. They g<strong>ai</strong>n<br />
control after system boot and infect hard disks or other<br />
bootable floppies that cont<strong>ai</strong>n the appropriate system files.<br />
Memory resident programs (also called TSR<strong>'s</strong> for Terminate<br />
and Stay Resident) are prime candidates for infection<br />
by this type of virus. Any power user of <strong>computer</strong>s has several<br />
of these programs, such as Borland<strong>'s</strong> Sidekick on both IBM<br />
PCs and compatibles, and also for Apple<strong>'s</strong> Macintosh.<br />
However, even if you have no TSR programs in memory,<br />
the operating system probably already has. Such MS-DOS commands<br />
as COPY, DIR, and ERASE are loaded into memory<br />
when the <strong>computer</strong> boots. These miniprograms can be accessed<br />
and manipulated (to your detriment) by system infectors.<br />
System infectors may activate after a given period of time<br />
or they may instantly begin subtle modifications in system<br />
processing-including increasing the time to perform system<br />
23