Friday, October 4, 2024

Parasitic Virus

File Viruses

A file virus (also called Program Virus) is a type of virus which inserts itself into, or associates itself with a file. They only infect files that can be executed. This includes, but is not limited to: .EXE .COM and .DOT files. File viruses can be further divided into:

  • Parasitic Viruses
  • Overwriting Viruses
  • Companion Viruses
  • Linking Viruses

Parasitic Viruses

A parasitic virus attaches itself to a file in order to propagate. It generally keeps most of the file intact and either add itself to the start (prepending viruses) or end of the file (appending viruses). COM and EXE files are easiest to infect, as they are simply loaded directly into memory and execution always starts at the first instruction.

Overwriting Viruses

Most viruses are careful not to destroy the infected file, but overwriting viruses overwrite part of the infected file, so that it will no longer operate. However, this makes these viruses extremely obvious, so they are unlikely to spread far.

Companion Viruses

If you try to run a program without specifying a file extension, the system will always try to find and execute the .COM program first and if it cannot be located then .EXE file will be called next. Companion viruses make use of this to provide an infection mechanism which does not modify the original file in any way. These viruses only infects .EXE files and do so by writing a companion .COM file with the same name. Then, when the user runs an infected program, the .COM file containing the virus is run. It looks for another .EXE file to infect, then loads the requested .EXE file and runs it.

Linking Viruses

These infect programs by changing information in the directory structure and modifying the file pointers, so every infected program starts at the same location (usually the last cluster on the disk) which contains virus code. Cleaning disks infected with a link virus requires a specific approach.

Each of the above file viruses can incorporate different techniques to improve the infection rate or to avoid detection

Back To Computer Section Home Page

Comments are closed.