17. Appendix C.
Classifying computer viruses
Discussing various virus types.
The
computer virus
is a computer program
(that is, executable code
and/or a collection of instructions) that can replicate itself (though the copy
may not necessarily exactly match the original) and penetrate files and
other resources of computer systems and networks and make them per-
form tasks the virus dictates without the user’s permission. Copies of the
program are also capable of self-replication.
Computer viruses can be classified using the following criteria:
•
environment
;
•
operating system
;
•
algorithm features
;
•
destructive capabilities
.
If we classify viruses according to
environment
, we come up with the fol-
lowing types:
•
file
viruses infect executable files (the most widespread virus
type), create twin-files (companion viruses), or use features of
the operating system arrangement (link viruses);
•
boot
viruses occupy a boot sector or Master Boot Record of the
infected disk, or change the pointer to the active boot sector;
•
macro
viruses infect documents and spreadsheets of several
popular editors;
•
network
viruses use network and e-mail protocols and instruc-
tions to spread themselves.
Of course, you may run across combination viruses. For example,
file-boot-
viruses
infect both files and boot sectors. Such viruses usually apply ex-
tremely complicated performance algorithms and absolutely new methods
284