
The term “virus” is often loosely used in reference to any type of malicious program, or it is used to describe any negative event that a malicious program causes to a host system.

In the simplest terms, a virus is defined as program code that replicates from one host file to another. This simple definition leaves room for further sub-division, which has become necessary due to the evolution of malicious code over the last two decades.

Computer viruses can be further classified by the types of objects they infect, the method used to select a potential host, and the infection technique.

Infection by type: Boot sector and multipartite viruses infect boot sectors and key operating system startup files (primarily COMMAND.COM).

File viruses infect application .COM and .EXE files. Word Macro and Excel Macro viruses infect Microsoft Word .DOC and .XLS files, respectively.

Classified by the method they use to select their host: “Indirect action file viruses” load into memory and hook into the system interrupt table(s) so they can infect files as they are accessed. Conversely, “direct action file viruses” do not become memory resident; they simply infect a file (or files) when an infected program is run.

Infection technique: “Appending viruses” add code to the end of a host file, while “Prepending viruses” insert their code at the beginning of a host file, effectively “shifting up” the program's original code. Overwriting viruses replace the host file completely with their own code, causing irreparable damage to the original host file. By contrast, companion viruses and link viruses avoid adding code to a host file at all.

Companion viruses create a file of the same name, but with an extension that is higher up in the execution hierarchy. Link viruses manipulate FAT (file allocation table) entries.
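The companion technique leaves a visible trace on disk: two program files with the same base name in one directory. The following check is an added example, not part of the original page; it assumes the DOS lookup order .COM, then .EXE, then .BAT, and its function names and sample file tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# DOS resolves a bare command name in this order, so X.COM runs before X.EXE.
PRECEDENCE = [".com", ".exe", ".bat"]


def find_shadowing_pairs(root):
    """Return sorted (shadowing_file, shadowed_file) path pairs under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)  # lowercased stem -> {ext: filename}
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext in PRECEDENCE:
                by_stem[stem.lower()][ext] = name
        for exts in by_stem.values():
            ranked = [e for e in PRECEDENCE if e in exts]
            # The first extension present wins; everything after it is shadowed.
            for shadowed in ranked[1:]:
                findings.append((os.path.join(dirpath, exts[ranked[0]]),
                                 os.path.join(dirpath, exts[shadowed])))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: empty files standing in for programs."""
    for rel in ["APPS/EDIT.EXE", "APPS/EDIT.COM", "APPS/FORMAT.COM",
                "TOOLS/RUN.BAT", "TOOLS/run.exe", "TOOLS/README.TXT"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [(os.path.relpath(a, root), os.path.relpath(b, root))
                for a, b in find_shadowing_pairs(root)]


if __name__ == "__main__":
    for winner, shadowed in demo():
        print(f"{winner} would run instead of {shadowed}")
```

A same-name pair is a lead for review rather than proof of infection, since legitimate software occasionally ships both forms.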

There are viruses that fail to work altogether. This could be due to a bug in the original programming of the virus or a natural corruption (for example, a devolving virus eventually corrupts itself to the point that it can no longer function). One wonders how such corruptions can be classified as viruses at all, and yet they are the bane of the anti-virus industry. Corrupted samples show up all too often in well-intended comparative reviews, and can badly skew test results.
