McAfee AVDCDE-BA-CA User Guide - Page 10
Preface

For a time, sophisticated descendants of this first boot-sector virus represented the most serious virus threat to computer users. Variants of boot sector viruses also infect the Master Boot Record (MBR), which stores the partition information your computer needs to figure out where to find each of your hard disk partitions and the boot sector itself. Realistically, nearly every step in the boot process, from reading the MBR to loading the operating system, is vulnerable to virus sabotage.

Some of the most tenacious and destructive viruses still include the ability to infect your computer's boot sector or MBR among their repertoire of tricks. Among other advantages, loading at boot time can give a virus a chance to do its work before your anti-virus software has a chance to run. Many McAfee anti-virus products anticipate this possibility by allowing you to create an emergency disk you can use to boot your computer and remove infections.

But most boot sector and MBR viruses had a particular weakness: they spread by means of floppy disks or other removable media, riding concealed in that first track of disk space. As fewer users exchanged floppy disks and as software distribution came to rely on other media, such as CD-ROMs and direct downloading from the Internet, other virus types eclipsed the boot sector threat.

But it's far from gone: many later-generation viruses routinely incorporate functions that infect your hard disk boot sector or MBR, even if they use other methods as their primary means of transmission. Those same viruses have also benefitted from several generations of evolution, and therefore incorporate much more sophisticated infection and concealment techniques that make it far from simple to detect them, even when they hide in relatively predictable places.
File infector viruses

At about the same time as the authors of the Brain virus found vulnerabilities in the DOS boot sector, other virus writers found out how to use other software to help replicate their creations. An early example of this type of virus showed up in computers at Lehigh University in Pennsylvania. The virus infected part of the DOS command interpreter COMMAND.COM, which it used to load itself into memory. Once there, it spread to other uninfected COMMAND.COM files each time a user entered any standard DOS command that involved disk access. This limited its spread to floppy disks that contained, usually, a full operating system.

Later viruses quickly overcame this limitation, sometimes with fairly clever programming. Virus writers might, for instance, have their virus add its code to the beginning of an executable file, so that when users start a program, the virus code executes immediately, then transfers control back to the legitimate software, which runs as though nothing unusual has happened. Once it activates, the virus "hooks" or "traps" requests that legitimate software makes to the operating system and substitutes its own responses.

McAfee VirusScan Anti-Virus Software