1. TSR (Terminate and Stay Resident). A virus may or may not become resident in memory. If it does go TSR, its chances of infecting files are greatly increased; otherwise it can only act when an infected program is run. A virus that is resident in memory can infect files any time it chooses. Partition table and boot sector infecting viruses are always TSRs.
2. Stealth. Some TSR viruses use a sophisticated technique called stealth cloaking: the virus fools the system so that everything appears to be normal. When a user does a directory listing, the virus intercepts the disk read and alters the data so that the file sizes appear unchanged, when in actuality they have increased. Boot sector infectors may use stealth so that when the user attempts to view the boot record, a copy of the old boot record is returned instead of the actual one. Because of stealth techniques, it may be impossible to detect a virus once it has become resident in memory. The only sure way to check for a stealth virus is to boot from a clean, write-protected floppy, then scan the hard drive. It is a good idea to prepare such a floppy disk ahead of time and add anti-virus software to it. Most anti-virus software allows the user to create an emergency boot disk, as does Windows itself.
3. Activation criteria and effect. The other area that gives a virus its personality is the activation criteria, or what makes it go off. Some activate by date, others activate when a certain program is run, and others activate when they can't find any more files that haven't been infected yet. When a virus activates, it takes a certain action, known as the activation effect. The effect may be as simple and harmless as displaying a message or as malicious as trashing the victim's hard drive.
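
The clean-boot check in item 2 amounts to a cross-view comparison: file sizes reported while the system is running are compared with sizes read after booting from the clean floppy, and any disagreement points to something altering the live view. The sketch below is an added example, not part of the original post; the DIR-style listings are constructed sample data and the function names are hypothetical.

```python
import re

DATE = re.compile(r"\d{2}-\d{2}-\d{2}$")

# Constructed sample: listing captured while the (possibly infected) system runs.
LIVE_LISTING = """\
 Volume in drive C is CONSTRUCTED
DOS          <DIR>     05-31-94   6:22a
COMMAND  COM    54,645 05-31-94   6:22a
FORMAT   COM    22,974 05-31-94   6:22a
README           1,024 05-31-94   6:22a
        3 file(s)     78,643 bytes
"""
# Constructed sample: same directory listed after booting from the clean floppy.
CLEAN_LISTING = """\
DOS          <DIR>     05-31-94   6:22a
COMMAND  COM    56,293 05-31-94   6:22a
FORMAT   COM    22,974 05-31-94   6:22a
README           1,024 05-31-94   6:22a
"""

def parse_dir(listing):
    """Return {FILENAME: size_in_bytes} from DOS-style DIR output."""
    sizes = {}
    for line in listing.splitlines():
        parts = line.split()
        # Entry layout: NAME [EXT] SIZE DATE TIME; skip headers, totals, blanks.
        if len(parts) not in (4, 5) or not DATE.match(parts[-2]):
            continue
        if parts[-3] == "<DIR>":
            continue  # directories carry no size to compare
        name = ".".join(parts[:-3]).upper()
        sizes[name] = int(parts[-3].replace(",", ""))
    return sizes

def cross_view_diff(live, clean):
    """List files whose live view disagrees with the clean-boot view."""
    findings = []
    for name, clean_size in sorted(clean.items()):
        live_size = live.get(name)
        if live_size is None:
            findings.append((name, "missing from live listing", None, clean_size))
        elif live_size != clean_size:
            findings.append((name, "size mismatch", live_size, clean_size))
    return findings

for finding in cross_view_diff(parse_dir(LIVE_LISTING), parse_dir(CLEAN_LISTING)):
    print(finding)
```

A mismatch only narrows down which files to examine with the scanner from the clean boot disk; the live listing must be captured before rebooting, and the clean one with tools from the write-protected floppy.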