COMPUTE!'s computer viruses.pdf - adamas.ai

More documents

Recommendations

Info

Chapter 3 ting does erase all data. You cannot do a low-level format with regular operating system commands (such as MS-DOS). Usually these are done by hard disk installation programs, or by viruses. System operation. FAT, Directory, and Boot Sector scrambling are ways in which system operation can be played with. It takes just a few milliseconds for a virus to destroy the file allocation table, erase the directory, or overwrite the boot sector. Overwriting the boot sector is an effective way of killing a hard disk. The system simply refuses to boot up. You may get an error message such as Probable Non-DOS Disk. The system may also be slowed down and other unacceptable operations occur. Data scrambling. The effects here are usually more subtle and may not be caught for months. Numbers are randomly changed. Customer accounts and other data become corrupted. If the computer is used for billing you may learn this immediately in a scorching phone call, or, in the case of under-billing, you may lose a lot of money before finding out you have viral problems. Boot Infectors The Computer Virus Industry Association's three classes of viruses are described in the online file "Anti-Virus Measures" from association member InterPath Corporation (manufacturers of C-4 and Tracer). Boot infectors attach themselves to sector 0 of floppy disks and, occasionally, hard disks. This area of the disk is part of the boot track. Viruses that have infected the boot track gain control when the system is first turned on and remain in control at all times. Many have the capability to trap warm boot requests (holding down the Ctrl and Alt keys and pressing the Del key) and remain in control even if booted from a noninfected floppy, with the result that the clean floppy becomes instantly infected. Boot infectors typically create bad disk sectors to which the original boot sector is copied, along with the remainder of the virus code. Boot infectors may be from 2 to 7 sectors in length. 22
How Viruses Work Boot infectors can be benign or malignant. The Pakistani Brain virus (described in the previous chapter), for example, was claimed to be a benign boot infector virus in its original form. The company in Lahore, Pakistan supposedly wrote it merely as a way to keep track of their software. Programmers refer to code that is extremely efficient for a particular task as elegant. The Brain virus program is elegant at doing its task of infection, and is also easy to modify into a very malignant form. Whether it was originally meant to be this or not, the virus is now a nasty little monster that can infect hard disks and destroy FAT entries, delete files, and perform other destructive activities. Boot infectors can do the following: • Move or overwrite the original boot sector • Replace the boot sector with themselves • Create bad sectors containing virus remainder • Infect through soft reboot (Ctrl-Alt-Del) or other functions. System Infectors Several kinds of viruses, again as described in InterPath's informational file, attach themselves to COMMAND. COM and other system files that remain memory resident. They gain control after system boot and infect hard disks or other bootable floppies that contain the appropriate system files. Memory resident programs (also called TSR's for Terminate and Stay Resident) are prime candidates for infection by this type of virus. Any power user of computers has several of these programs, such as Borland's Sidekick on both IBM PCs and compatibles, and also for Apple's Macintosh. However, even if you have no TSR programs in memory, the operating system probably already has. Such MS-DOS commands as COPY, DIR, and ERASE are loaded into memory when the computer boots. These miniprograms can be accessed and manipulated (to your detriment) by system infectors. System infectors may activate after a given period of time or they may instantly begin subtle modifications in system processing-including increasing the time to perform system 23
Page 3 and 4: COMPUTE!'s COMPUTER VIRUSES Ralph R
Page 5: CONTENTS Preface ..................
Page 8 and 9: help you understand and implement w
Page 10 and 11: Chapter 1 One factor on our side is
Page 12 and 13: Chapter 1 a virus that would attack
Page 14 and 15: Chapter 1 That, again, is what this
Page 17 and 18: 2 HISTORY AND INFAMOUS VIRUSES You
Page 19 and 20: History and Infamous Viruses import
Page 21 and 22: History and Infamous Viruses to be
Page 23 and 24: History and Infamous Viruses The di
Page 25 and 26: 3 HOW VIRUSES WORK The disaster ori
Page 27 and 28: How Viruses Work may be thought of
Page 29: Types of Viruses How Viruses Work T
Page 33 and 34: How Viruses Work times until the pr
Page 35 and 36: How Viruses Work So far, as we will
Page 37: The Retro-Virus How Viruses Work Th
Page 40 and 41: Chapter 4 This, despite the very re
Page 42 and 43: Chapter 4 computer system contracti
Page 44 and 45: Chapter 4 Software at Aldus was app
Page 46 and 47: Chapter 4 "We believe authors of th
Page 48 and 49: Chapter 4 The Defense Authorization
Page 50 and 51: Chapter 4 equally different virus p
Page 52 and 53: Chapter 4 • If operating in a net
Page 54 and 55: Chapter 4 that viruses can be, and
Page 56 and 57: Chapter 4 a utility from the origin
Page 58 and 59: Chapter 4 Now in its eighth edition
Page 60 and 61: Chapter 4 the FAT table using Norto
Page 62 and 63: Chapter 4 Try rebooting again. Shou
Page 64 and 65: Chapter 5 as severe as it could ver
Page 66 and 67: Chapter 5 "These days, anybody who
Page 68 and 69: Chapter 5 Some programmers are begi
Page 70 and 71: Chapter 5 the new uploads section i
Page 72 and 73: Chapter 5 Reward Offered There is o
Page 74 and 75: Chapter 5 A registration form for p
Page 76 and 77: Chapter 5 2. Don't just assume that
Page 78 and 79: Chapter 5 time and field experience
Page 80 and 81:
Chapter 5 Does the software detect
Page 82 and 83:
Chapter 5 "Now, most viruses in the
Page 84 and 85:
Chapter 5 "Since viruses can be cre
Page 86 and 87:
Chapter 5 now, all in the same pack
Page 89 and 90:
6 CORPORATE INITIATIVES FORPCDATA S
Page 91 and 92:
Corporate Initiatives for PC Data S
Page 93 and 94:
. Corporate Initiatives/or PC Data
Page 95 and 96:
Page 97:
Page 100 and 101:
Chapter 7 had used nothing but legi
Page 102 and 103:
Chapter 7 need these to help the ma
Page 104 and 105:
Chapter 8 and individuals who do se
Page 106 and 107:
Chapter 8 Bombsqad Product BOMBSQAD
Page 108 and 109:
Chapter 8 Caware Product Caware Com
Page 110 and 111:
Chapter 8 and present checksum tota
Page 112 and 113:
Chapter 8 file, reporting all the g
Page 114 and 115:
Chapter 8 types of viruses on its o
Page 116 and 117:
Chapter 8 Disk Watcher Product Comp
Page 118 and 119:
Chapter 8 reports the name and loca
Page 120 and 121:
Chapter 8 Ficheck should not be pla
Page 122 and 123:
Chapter 8 Flu-Shot+ Product Flu_Sho
Page 124 and 125:
Chapter 8 Guard Card Product Guard
Page 126 and 127:
Chapter 8 transfer from a remote si
Page 128 and 129:
Chapter 8 When properly installed,
Page 130 and 131:
ChapterS or destruction of your val
Page 132 and 133:
Chapter 8 Trojan Stop Product Troja
Page 134 and 135:
Chapter 8 Vaccine from Foundation W
Page 136 and 137:
Chapter 8 legal to Vaccine. No prog
Page 138 and 139:
Chapter 8 expensive tools for detec
Page 140 and 141:
Chapter 8 XFICHECK Product XFICHECK
Page 142 and 143:
Chapter 9 In this chapter we introd
Page 144 and 145:
Chapter 9 they're on your disks. So
Page 146 and 147:
Chapter 9 138 Resources with which
Page 148 and 149:
Chapter 9 140 After Vaccine has bee
Page 150 and 151:
Chapter 9 142 measures and are not
Page 152 and 153:
Chapter 9 false or incomplete as mo
Page 154 and 155:
Chapter 10 erable expense of replac
Page 156 and 157:
Chapter 10 Each time a disk is plac
Page 159 and 160:
11 AMIGA These are called the pious
Page 161 and 162:
Amiga Amiga-oriented AMnews Magazin
Page 163 and 164:
Amiga "If you run across a strain o
Page 165:
Amiga Other Amiga Viruses The Byte
Page 168 and 169:
Chapter 11 Roberts: Say, you're a g
Page 170 and 171:
Chapter 11 the job. The next releas
Page 172 and 173:
Chapter 12 Potential for Major Disa
Page 174 and 175:
Chapter 12 expert should even open
Page 176 and 177:
INDEX activation 6 activation perio
Page 178:
public domain 32, 34, 43, 85, 88, 9
show all

COMPUTE!'s computer viruses.pdf - adamas.ai

Create successful ePaper yourself

Delete template?

Save as template?