O. V. Fedorova, E. V. Mezina, E. V. Khamis. English in the Field of Information Technologies and Communications: A Textbook



Date: 02.01.2022
Textbook, IITiK: Fedorova, Mezina, Khamis, 2014

TYPES OF COMPUTER VIRUSES

Nowadays the number of viruses is about 55000, and it increases constantly. New, previously unknown types of viruses appear, and classifying them becomes more and more difficult. In general, they can be divided by three basic criteria: place of existence, operating system used, and work algorithms. For example, according to these three classifications, the Chernobyl virus can be classified as a file infector and a resident Windows virus. What this means is explained below.



A PLACE OF EXISTENCE

File Infectors

These are viruses that attach themselves to (or replace) .COM and .EXE files, although in some cases they can infect files with the extensions .SYS, .DRV, .BIN, .OVL and .OVY. With this type of virus, uninfected programs usually become infected when they are executed with the virus in memory. In other cases they are infected when they are opened (such as using the DOS DIR command), or the virus simply infects all of the files in the directory it is run from (a direct infector). There are three groups of file infectors.

Viruses of the first group are called overwriting viruses because they write their code over the infected file, erasing its contents. These viruses are primitive and can be found very quickly.

The second group is called parasitic or cavity viruses. An infected file remains fully or partly functional, but its contents are changed.

These viruses can copy themselves into the beginning, middle or end of a file. They record their code in data areas known not to be used.

The third group is called companion viruses. They do not change files. Instead, they create a double of the target file, so that when the file is started, the double, that is, the virus, takes control. For example, companion viruses working under DOS exploit the fact that DOS runs a .COM file first and runs the .EXE file only if no .COM file is found. The virus creates a double file with the same name and the extension .COM and copies itself into it. When the infected file is started, DOS first runs the .COM file containing the virus, and then the virus starts the .EXE file.

Sometimes companion viruses rename the file to be infected and record their code in a double file with the old name. For example, the file XCOPY.EXE is renamed to XCOPY.EXD and the virus records itself in the file XCOPY.EXE. When this file is started, the computer runs the virus code first, and then the virus starts the original XCOPY, saved as XCOPY.EXD. Viruses like this have been found not only in DOS but also in Windows and OS/2.

This is not the only way to create double files. For example, there is a subgroup of companion viruses called path-companion viruses. They use a special feature of DOS, PATH: a hierarchical record of file locations. The virus copies itself into a file with the same name but situated one level higher. In this case DOS will find the file with the virus.
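A defender can look for the file layouts that companion and path-companion viruses leave behind. The following is an added example, not part of the textbook: it flags base names present as both .COM and .EXE in one directory, and programs hidden by a same-named executable in a directory searched earlier. Treating "one level higher" as "earlier in the search order" is an assumption, and the directory and file names in `demo()` are constructed.

```python
import os
import tempfile

# DOS tries .COM before .EXE when a command is typed without an extension.
DOS_ORDER = (".COM", ".EXE")

def find_companion_pairs(directory):
    """Return sorted base names that exist as both .COM and .EXE in one directory."""
    seen = {}
    for name in os.listdir(directory):
        base, ext = os.path.splitext(name.upper())
        if ext in DOS_ORDER:
            seen.setdefault(base, set()).add(ext)
    return sorted(b for b, exts in seen.items() if len(exts) == 2)

def find_path_shadowing(path_dirs):
    """Return (base, winning_file, shadowed_file) tuples for programs hidden by
    a same-named executable in a directory that is searched earlier."""
    first, hits = {}, []
    for d in path_dirs:
        here = {}
        # Sorted order puts NAME.COM before NAME.EXE, matching DOS precedence.
        for name in sorted(os.listdir(d)):
            base, ext = os.path.splitext(name.upper())
            if ext in DOS_ORDER:
                here.setdefault(base, os.path.join(d, name))
        for base, full in here.items():
            if base in first:
                hits.append((base, first[base], full))
            else:
                first[base] = full
    return hits

def demo():
    """Constructed sample tree in which UTIL is searched before DOS."""
    root = tempfile.mkdtemp()
    util, dos = os.path.join(root, "UTIL"), os.path.join(root, "DOS")
    layout = ((util, ["FORMAT.COM"]),
              (dos, ["XCOPY.COM", "XCOPY.EXE", "FORMAT.EXE"]))
    for d, names in layout:
        os.makedirs(d)
        for n in names:
            open(os.path.join(d, n), "wb").close()
    return find_companion_pairs(dos), find_path_shadowing([util, dos])
```

A hit is a lead to review rather than proof of infection, since a legitimate package can ship both a .COM and an .EXE with the same name.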

Boot Viruses

Every logical drive, both hard disk and floppy, contains a boot sector. This is true even of disks that are not bootable. This boot sector contains specific information relating to the formatting of the disk, the data stored there and also contains a small program called the boot program (which loads the DOS system files). The boot program displays the familiar "Non-system Disk or Disk Error" message if the DOS system files are not present. It is also the program that gets infected by viruses. You get a boot sector virus by leaving an infected diskette in a drive and rebooting the machine. When the boot sector program is read and executed, the virus goes into memory and infects your hard drive. Remember, because every disk has a boot sector, it is possible (and common) to infect a machine from a data disk. NOTE: Both floppy diskettes and hard drives contain boot sectors.

The first physical sector of every hard disk (Side 0, Track 0, Sector 1) contains the disk's Master Boot Record and Partition Table. The Master Boot Record has a small program within it called the Master Boot Program, which looks up the values in the partition table for the starting location of the bootable partition, and then tells the system to go there and execute any code it finds. Assuming your disk is set up properly, what it finds in that location (Side 1, Track 0, Sector 1) is a valid boot sector.

On floppy disks, these same viruses infect the boot sectors. You get a Master Boot Record virus in exactly the same manner you get a boot sector virus -- by leaving an infected diskette in a drive and rebooting the machine. When the boot sector program is read and executed, the virus goes into memory and infects the MBR of your hard drive. Again, because every disk has a boot sector, it is possible (and common) to infect a machine from a data disk.
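The lookup the Master Boot Program performs can be reproduced offline when examining a saved copy of the first sector. The following is an added example, not part of the textbook: it validates the sector, parses the four partition-table entries, returns the bootable one with its starting location, and fingerprints the boot program area so it can be compared with a known-good baseline. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446          # partition table follows the boot program area
ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA, count
SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR

def decode_chs(b):
    """Decode the packed 3-byte CHS field into (cylinder, head, sector)."""
    return ((b[1] & 0xC0) << 2) | b[2], b[0], b[1] & 0x3F

def parse_mbr(sector):
    """Return the non-empty partition entries; raise ValueError if malformed."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        fields = ENTRY.unpack_from(sector, TABLE_OFFSET + i * ENTRY.size)
        status, chs_start, ptype, _chs_end, lba, count = fields
        if status not in (0x00, 0x80):
            raise ValueError("entry %d has invalid status byte" % i)
        if ptype != 0:      # type 0 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "chs_start": decode_chs(chs_start),
                          "lba_start": lba, "sectors": count})
    return parts

def bootable_partition(sector):
    """Return the single active entry, the one the Master Boot Program jumps to."""
    active = [p for p in parse_mbr(sector) if p["active"]]
    if len(active) != 1:
        raise ValueError("expected one active partition, found %d" % len(active))
    return active[0]

def boot_code_sha256(sector):
    """Fingerprint the boot program area for comparison with a clean baseline."""
    return hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest()

def sample_mbr():
    """Constructed sample: one active partition at head 1, cylinder 0, sector 1."""
    entry = ENTRY.pack(0x80, bytes([1, 1, 0]), 0x06, bytes([15, 63, 99]), 63, 102400)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + SIGNATURE
```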


