Information about viruses

Types of computer viruses

Computer viruses are generally classified as follows:

Boot sector viruses

File viruses

Macro viruses

Other new types of viruses

Information provided by the Information Technology Department of the Government of the Hong Kong Special Administrative Region

Boot sector viruses

Before the mid-1990s, boot sector viruses were the most common type of virus. This virus is hidden in the main boot sector of an infected hard drive or in the boot sector of the disk operating system. When a floppy disk is inserted into an infected personal computer, the virus will infect the boot sector of the floppy disk, thereby spreading the virus.

The computer becomes infected when an infected floppy disk is used to boot the program. During the startup process of the computer, the basic input and output system will execute the virus code located in the boot sector of the floppy disk, so the system will be controlled by the virus. After the virus takes control of the computer system, it will write the virus code into the main boot sector of the hard disk. Afterwards, the normal startup sequence will resume. From the user's perspective, everything appears to be normal.

When the computer is started in the future, the virus residing in the infected main boot sector will start executing. Therefore, the virus can enter the memory and can infect other used floppy disks at any time.

[The main boot sector is the first sector of the hard disk. This sector contains the partition control table and code for executing the operating system. The 16 or more sectors after the main boot sector are usually empty.

A hard drive can be divided into up to 4 storage partitions, and the extended partition of a disk operating system can be divided into multiple logical drives.

The first sector of each partition is the boot sector. This sector contains the data and code of the operating system loaded into the partition.

The floppy disk does not have a main boot sector. A soft disk formatted in the standard disk operating system format is structurally the same as the disk operating system partition of a hard disk. ]

File-type viruses

File-type viruses are viruses that are attached to files and spread through program files rather than data files. A computer becomes infected when it executes an infected program. These infected programs may spread through floppy disks, CD-ROMs, networks and the Internet. After the infected program is executed, the accompanying virus can immediately infect other programs, or it may become a persistent program that can infect other programs in the future. After completing these steps, the virus will resume its normal program execution. Therefore, it is difficult for users to detect any abnormalities when executing infected programs.

File-type viruses generally infect files with specific file extensions. Files with extensions COM, EXE and SYS are common targets of virus infection.

Macro virus

In July 1995, a new computer virus was discovered, which immediately shocked the computer industry. This new virus, called a macro virus, is different from viruses that have been around since it infects data files rather than executable files. In fact, this is not a new concept, because research on the feasibility of writing viruses in macro languages ??began in the late 1980s. Macro viruses that appear in the Word program can be active on many different operating platforms. Moreover, as long as the computer's Word program supports the Word file format, there is a chance of being infected. In other words, whether you are using the OS/2 or Windows version of the Word program, or a PC or Macintosh computer, you may be infected by macro viruses.

Other new types of viruses

Viruses and anti-virus technologies are constantly changing and changing with each passing day. As computer users adopt new operating platforms/computer technologies, virus writers will also develop new viruses and spread them.

Listed below are some new operating platforms/computer technologies where new virus types may appear:

Java

ActiveX

Visual Basic (VB) Script

HTML

Lotus Notes

Java

Java viruses have always been a controversial topic: Can Java viruses be written? Can Java viruses spread from computer to computer or over the Internet? The above issues have been discussed in different news groups. Since Java microapplications are designed to be executed in a controlled environment (called a "sandbox") and have no access to computer files or network connections, the possibility of Java viruses spreading between computers is extremely low.

However, because Java, like other standard programs, allows developers to create applications that can control the entire system, Java viruses have room for their emergence and existence.

The first virus discovered to be based on the Java computer programming language is called "Java.StrangeBrew". It was first discovered in September 1998 and infects files belonging to the Java category. However, this virus only affects stand-alone Java application files, and files executed by micro-applications are not infected. Although Java applications are not common and the spread of the "Java.StrangeBrew" virus is only in its preliminary stages, the impact of this virus cannot be ignored. As Java applications become more popular, it is expected that the types of Java viruses will gradually increase.

ActiveX

Like Java, ActiveX is considered an operating platform that will be vulnerable to virus invasion. If we compare the two in terms of design, the chances of spreading viruses are greater in ActiveX than in Java. Basically, ActiveX is a stripped-down version of Object Linking and Embedding (OLE) that interfaces directly with the computer's Windows system and therefore can be connected to any system function. In addition, ActiveX users are not limited to MS Internet Explorer users; now, Netscape Navigator's plug-in can also use this technology. In contrast, Java is executed in a "controlled environment" or through a program called "Java Virtual Machine", thus isolating Java from various services of the operating system.

Visual Basic (VB) Script

In the past, in order to successfully write a virus that could infect other computers, virus writers had to have a considerable degree of knowledge of the basic operation of computers. . However, with the emergence of macros in Microsoft Office, the tools for writing viruses are ready, and the person who writes them does not need to have a lot of information technology knowledge to be competent. Likewise, the operating environment in which the VB Script virus operates is quickly becoming ubiquitous, making it easy to spread.

VB Script viruses have become a real threat to computer users. Microsoft's original intention was to include a powerful and easy-to-use language to easily access resources in Windows 98/NT systems. VB Script is written in a human-readable format, so it is easy to understand. It is for this reason that many virus writers without advanced information technology knowledge can invade this field.

The first generation of viruses, programs written in VB Script, were hidden in web pages written in HTML and spread across the Internet. Viruses written in VB Script that are currently highly distributable are usually spread by sending emails, and the virus programs are sent together with the email addresses listed in the user's address book. When users execute the program in the attachment, it helps the virus spread.

Hypertext Markup Language (English abbreviation "HTML")

Viruses spread through HTML is another topic that has caused widespread discussion on the Internet.

Someone even claimed/announced the invention/discovery of the first HTML-type virus.

HTML is a writing language that controls the design of web pages. Originally, pure HTML would not be infected, so browsers that only support HTML would not be at risk of virus infection. The chance of the so-called "HTML virus" appearing is extremely slim. Therefore, the real threat does not come from browsing web pages on the Internet, but from downloading virus-infected programs from the Internet and executing them.

However, most current browsers support other languages ??for writing web pages, and so-called "HTML viruses" usually use these languages ??for writing text to spread. Viruses in text usually infect computers through web pages, VBS.Offline is a typical example. Currently, the most common text virus is the VB Script virus just discussed.

Lotus Notes

Lotus Notes has a large number of users and will be targeted by virus writers. Although no native Lotus Notes viruses have been found yet, the rich-text fields in the Lotus Notes database provide a place for traditional viruses (such as file viruses and macro viruses) to reside. Because the records are compressed, general anti-virus software cannot detect viruses in the Notes database. To prevent computer viruses from invading the Notes operating environment, we recommend that users install anti-virus software specially compiled for Notes software.