Types and types of malware. History and development

Malware-- any software designed to gain unauthorized access to the computing resources of the computer itself or to information stored on the computer, with the aim of unauthorized use of computer resources or causing harm to the owner of the information (or the owner of the computer) by copying, distorting, deleting or replacing information.

Malicious software is divided into three main classes: computer viruses, network worms, Trojan horses. Let's consider each of them in more detail.

Computer viruses

This class malware is the most common among the rest.

Computer virus - variety computer programs, a distinctive feature of which is the ability to reproduce (self-replication). In addition, viruses can damage or completely destroy all files and data controlled by the user on whose behalf the infected program was launched, as well as damage or even destroy the operating system with all files as a whole.

Usually, the user himself, who does not check antivirus program information that enters the computer, as a result of which, in fact, infection occurs. There are quite a few ways to "infect" a computer with a classic virus (external storage media, Internet resources, files distributed over the network)

Viruses are divided into groups according to two main features: by habitat, by the method of infection.

By habitat, viruses are divided into:

  • · File(injected into executable files)
  • · Boot(implemented in boot sector disk or to the sector containing the bootloader of the hard drive)
  • · Network(spread over a computer network)
  • · Combined(for example, file-boot viruses that infect both files and the boot sector of a disk. These viruses have original way penetration and difficult algorithm of work)

According to the method of infection are divided into:

Network worms

The next big class of malware is called "Worms"

A network worm is a malicious program code that spreads its copies over local and/or global networks in order to penetrate a computer, launch its copy on that computer, and spread further. To spread, worms use e-mail, irc-networks, lan, data exchange networks between mobile devices etc. Most worms are distributed in files (an attachment to an email, a link to a file). But there are also worms that spread in the form of network packets. Such varieties penetrate directly into the computer's memory and immediately begin to act resident. To penetrate the victim computer, several methods are used: independent (packet worms), user (social engineering), as well as various flaws in security systems operating system and applications. Some worms have the properties of other types of malware (most often Trojans).

Classes of network worms:

Mail worms (Email-Worm). This is a malicious system that resides in a file attached to an email. The authors of the mail worm in any way induce to execute the attached file with the virus. He is disguised as new game, update, or popular program. By activating activity on your computer, the mail worm first sends its own copy by e-mail, using your address book, and then harms your computer.

  • · Internet pager worms (IM-Worm). The action of this "worm" almost completely repeats the method of distribution used by mail worms, only the carrier is not an email, but a message implemented in instant messaging programs
  • · Worms for file-sharing networks (P2P-Worm). To infiltrate a P2P network, the worm only needs to copy itself to a file sharing directory, which is usually located on the local machine. The P2P network takes care of the rest of the distribution work - when searching for files on the network, it will inform remote users about given file and provide a service for downloading it from an infected computer.

There are more complex worms of this type that mimic network protocol specific file-sharing system and positively respond to search terms. At the same time, the worm offers its copy for download.

Using the first method, the "worm" searches the network for machines with resources open for writing and copies them. However, it can randomly find computers and try to open access to resources. To penetrate the second way, the "worm" looks for computers with installed software, which has critical vulnerabilities. Thus, the worm sends a specially crafted packet (request), and part of the "worm" penetrates the computer, after which it downloads the full body file and launches it for execution.

Trojans

Trojans or programs of the "Trojan horse" class are written with the aim of causing damage to the target computer by performing actions not authorized by the user: data theft, damage or deletion of confidential data, disruption of the PC or use of its resources for unseemly purposes.

Some Trojans are capable of independently overcoming the protection systems of a computer system in order to penetrate it. However, in most cases, they enter the PC along with another virus. Trojans can be considered as additional malware. Often, users themselves download Trojans from the Internet.

The cycle of activity of Trojans can be defined by the following stages:

  • - penetration into the system.
  • - activation.
  • - performing malicious activities.

Trojans differ among themselves in the actions they perform on an infected PC.

  • · Trojan-PSW. Purpose - Theft of passwords. This type Trojans can be used to search system files that store various confidential information (for example, passwords), "steal" registration information for various software.
  • · Trojan Downloader. Purpose - Delivery of other malicious programs. Activates programs downloaded from the Internet (run for execution, registration for autoload)
  • · Trojan-Dropper. Installing on a disk of others malicious files, their launch and execution
  • · Trojan-proxy. Provide anonymous access from the victim's PC to various Internet resources. Used to send spam.
  • · Trojan Spy. They are spyware. They carry out electronic spying on the user of an infected PC: the information entered, screenshots, a list of active applications, user actions are saved in a file and periodically sent to the attacker.
  • · Trojan(Other Trojans). They carry out other actions that fall under the definition of Trojans, for example, the destruction or modification of data, disruption of the PC.
  • · backdoor. They are remote administration utilities. Can be used to detect and transmit to an attacker confidential information, data destruction, etc.
  • · ArcBomb ("Bombs" in the archives). Cause abnormal behavior of archivers when trying to unpack data
  • Rootkit. Purpose - Hiding the presence in the operating system. With the help of program code, the presence of certain objects in the system is hidden: processes, files, registry data, etc.

Of these, the most widely used spyware - Trojan Spy and RootKit (rootkits). Let's consider them in more detail.

Rootkits. V Windows system RootKit is considered to be a program that is illegally introduced into the system, intercepts calls to system functions (API), and modifies system libraries. Interception of low-level APIs allows such a program to mask its presence in the system, protecting it from detection by the user and antivirus software.

Conventionally, all rootkit technologies can be divided into two categories:

  • Rootkits running in user mode (user-mode)
  • Rootkits running in kernel mode (kernel-mode)

Sometimes rootkits come in email attachments, masquerading as documents. different formats(e.g. PDF). In fact, such a "imaginary document" is an executable file. Trying to open, the user activates the rootkit.

The second way of distribution is the sites subjected to hacker manipulation. The user opens a web page - and the rootkit gets into his computer. This is possible due to flaws in the security system of browsers. computer file program

Rootkits can be planted not only by intruders. There is a well-known case when the Sony Corporation built a kind of rootkit into its licensed audio CDs. Rootkits are essentially the majority software tools copy protection (and means to bypass these protections - for example, emulators of CD and DVD drives). They differ from "illegal" ones only in that they are not set secretly from the user.

Spyware. Such programs can perform a wide range of tasks, for example:

  • · Collect information about Internet usage habits and most frequently visited sites (tracking program);
  • · Remember keystrokes on the keyboard (keyloggers) and record screenshots of the screen (screen scraper) and send information to the creator in the future;
  • · Be used for unauthorized analysis of the state of security systems - scanners of ports and vulnerabilities and crackers of passwords;
  • · Change the parameters of the operating system - rootkits, control interceptors, etc. - resulting in a decrease in the speed of the Internet connection or loss of connection as such, opening other home pages or deleting certain programs;
  • · Redirect browser activity, which entails visiting websites blindly with the risk of viruses.

Programs remote control and controls can be used for remote technical support or access to your own resources that are located on a remote computer.

Passive tracking technologies can be useful for personalizing the web pages a user visits.

These programs are not viruses in themselves, but for one reason or another they are included in anti-virus databases. As a rule, these are small programs that have a small area of ​​influence and, like viruses, are ineffective.

  • · Adware is a generic name for software that forces ads to appear.
  • · Bad-Joke - bad jokes. Programs that frighten the user with unexpected and non-standard opening or use graphics. It can also be programs that give false messages about formatting a disk or stopping the program, etc.
  • · Sniffer - a program designed to intercept and then analyze network traffic.
  • · SpamTool - a program designed to send spam (as a rule, the program turns the computer into a spam machine).
  • · IM-Flooder - a program that allows you to send various messages in large quantities to a given IM-messenger number.
  • · VirTool - utilities designed to facilitate writing computer viruses and to study them for hacker purposes.
  • · DoS (Denial of service) - a malicious program designed to carry out a Denial of Service attack on a remote server.
  • · FileCryptor, PolyCryptor - hacking tools used to encrypt other malicious programs in order to hide their contents from anti-virus scanning.

Probably the majority computer users faced with malicious software or its attempt to penetrate the computer. Timely detected malware is easy to remove and forget about it. But if this is not done, then you can lose important data or face worse things. Types of computer viruses can be divided into several main groups.

Types of malicious software.

Viruses are programs that enter a computer in a variety of ways. No wonder this species was given such a name - computer viruses act similarly to biological ones. They get into the file and infect it. Then they switch to infecting other files. Such a file transferred from an infected computer to a “healthy” computer can infect it as well. Depending on the type of virus, it can cause unpleasant effects such as computer slowdown or system crashes. Often users under the word "virus" mean Trojans or worms, but this is wrong. Viruses are a type of malware, just like Trojans, worms, etc.

Trojans are programs that, unlike viruses, cannot replicate. The principle of their work is as follows: masking in a file and waiting for the user to access it. Once the infected file has been opened, the Trojan starts its work. Most often, Trojans act as a collector of certain information, changing or deleting data from an infected PC.

Worms are programs similar to viruses. However, their difference is that the virus must penetrate the file in order to start destructive work, while the worm does not need to do this. It can multiply on its own, thereby cluttering up the user's system. In addition, the work of the worm can be directed to the network. Often these worms send copies of themselves in bulk by e-mail. They are used as a password guesser for hacking Email infected PC.

Spies are programs that, as the name implies, are collectors of information about the user's computer: configuration, activities, and other confidential data.

Keyloggers are programs that record every keystroke. Used to gather information and steal victim passwords.

Ransomware (blockers) are programs that infect a user's PC with a banner with information that the computer is locked. Such blockers require sending an expensive message to a specific number in order to receive an unlock code. As a rule, no codes are returned in response.

Zombies are the result of malware infecting a computer. As a rule, hackers create mass computer zombies to attack (DDOS, spam).

Precautions and ways to deal with viruses.

In fact, the list of these programs is much longer, so only those that are widely used have been listed. All of them can harm the computer and user data to varying degrees. To prevent this, you need to follow simple rules:

Installation of high-quality anti-virus protection. It is better if it is not a lonely antivirus, but complex protection in the form of an antivirus, firewall, antispyware, firewall, backups etc.

Permanent PC scan. If you are too lazy to run a scan yourself, you can configure the antivirus to scan on schedule. The optimal scan frequency is once every two weeks.

Attentiveness. Do not download suspicious files sent by e-mail, follow unknown links, install programs downloaded from unknown sources. It is worth remembering that malware can be "picked up" not only from the Internet, but also, say, from a flash drive.

Updates. System and software updates may be released not only for the purpose of optimization, but also to improve protection. Therefore, it is recommended to install all updates offered by the operating system, browser, email client and other programs.

A virus is commonly understood as a type of malware that copies itself. With its help, other files are infected (like viruses in real life that infect biological cells for the purpose of reproduction).

With the help of a virus, you can do a large number of various actions: gain access to the computer in the background, steal the password and make the computer freeze (filled with RAM and loaded by the CPU by various processes).

However, the main function of a malware virus is the ability to reproduce. When it is activated, programs on the computer become infected.

By running the software on another computer, the virus infects files here too, for example, a flash drive from an infected PC inserted into a healthy one will immediately transfer the virus to it.

Worm

The behavior of a worm resembles that of a virus. The only difference is distribution. When a virus infects programs run by a person (if the programs are not used on an infected computer, the virus will not penetrate there), the worm spreads through computer networks, on a personal initiative.

For example, Blaster spread to Windows XP in a short period of time, because this operating system was not known for reliable protection of web services.

Thus, the worm used Internet access to the OS.

After that, the malware moved to a new infected machine in order to continue further reproduction.

You rarely see these worms, because today Windows is distinguished by high-quality protection: a firewall is used by default.

However, worms have the ability to spread by other methods - for example, they infect a computer through an email inbox and send copies of themselves to everyone who is saved in the contact list.

A worm and a virus can do many other dangerous things when they infect a computer. The main thing that gives malware the characteristics of a worm is the way it spreads its own copies.

Trojan

Trojans are commonly understood as a type of malware that looks like normal files.

If you run the "Trojan horse", it will start working in the background along with the usual utility. In this way, Trojan developers can gain access to their victim's computer.

Trojans also allow you to monitor activity on a computer, connect a computer to a botnet. Trojans are used to open gateways and download various types of malicious applications onto a computer.

Consider the main distinguishing points.

¹ Malware hides as useful applications and during startup it functions in the background, provides access to your own computer. You can draw a comparison with the Trojan horse, which became the main character in the work of Homer.

² This malware does not copy itself into various files and is not capable of self-propagation over the Internet, like worms and viruses.

³ Pirated software may be infected with a Trojan.

Spyware

Spyware is another type of malware. In simple words, this application is a spy.

It is used to collect information. Various types of malware often contain Spyware inside them.

Thus, there is a theft of financial information, for example.

Spyware is often used with completely free software and collects information about web pages visited, file downloads, and so on.

Software developers make money by selling their own knowledge.

Adware

Adware can be considered an ally of Spyware.

We are talking about any kind of software for displaying advertising messages on a computer.

It also often happens that Adware uses additional advertising on sites while browsing. In this situation, it is difficult to suspect anything.

Keylogger

The keylogger is a malicious utility.

Runs in the background and captures all button presses. This information may include passwords, usernames, details credit cards and other confidential data.

The keylogger most likely saves button presses to own server, where they are analyzed by a person or special software.

Botnet

The botnet is a huge computer network, which is managed by the developer.

In this case, the computer acts as a "bot" because the device is infected with certain malware.

If the computer is infected by a "bot", then it contacts some control server and waits for instructions from the developer's botnet.

For example, botnets can create DDoS attacks. All computers in the botnet can be used to attack a specific server and website with various requests.

These frequent requests can cause the server to crash.

Botnet developers sell access to their own botnet. Fraudsters can use large botnets to carry out their insidious ideas.

rootkit

A rootkit is usually understood as malicious software that is located somewhere in the outback of a personal computer.

Lurking different ways from users and security programs.

For example, a rootkit is loaded before Windows starts and edits the system functionality of the operating system.

The rootkit can be disguised. But the main thing that turns a malicious utility into a rootkit is that it hides in the "bowels" of the operating system.

Banners ransomware

We are talking about a rather insidious form of malicious software products.

It seems that not a small number of people have met with this type of slanderer.

So a computer or individual files will be held hostage. They will have to pay a ransom.

The most popular variety is considered to be porn - banners that require you to send money and indicate the code. You can become a victim of this software, not only by going to porn sites.

There is malware like CryptoLocker.

It literally encrypts some objects and requires payment for opening access to them. This type of malware is the most dangerous.

Phishing

Phishing (English phishing, from fishing - fishing, fishing - a type of Internet fraud, the purpose of which is to gain access to confidential user data - logins and passwords.

This is achieved through mass mailings. emails on behalf of popular brands, as well as private messages inside various services, for example, on behalf of banks or within the social. networks.

After the user gets to the fake site, the scammers use various psychological tricks to force the user to enter his data on the fake page, the login password that he uses to access the site, this allows the scammers to gain access to accounts and bank accounts.

Spam

Spam is the mailing of commercial or other advertising to persons who did not express a desire to receive it.

In the generally accepted meaning, the term "spam" in Russian was first used in relation to the distribution of e-mails.

Unsolicited messages in instant messaging systems (for example, ICQ) are called SPIM (English) Russian. (Eng. Spam over IM).

Spam accounts for between 60% and 80% of global email traffic (excerpt taken from Wikipedia).

Conclusion

Here are almost all the most "popular" types of malware viruses.

I hope you can minimize your meetings with them, and you will never meet with some about how to protect your computer and your user data, you can read in.

Results

Why is antivirus software called that? Perhaps due to the fact that a large number of people are convinced that "virus" is a synonym for malicious software.

Antiviruses, as you know, protect not only from viruses, but also from other unwanted programs, but also for prevention - warnings against infection. That's all for now, be careful this is one of the main components of protecting your computer.

Interesting video 10 destructive computer viruses.

In this article, we will get to know main types of malware . There are many different types of these, let's take them all in order!

And so I will try to describe everything quite simply, I think you will like it! And so let's go!

Viruses

The first type is, as you probably all already know, “viruses” (computer) and “worms” (well, also computer J) what is it? Surely you have heard many definitions and their classification? If not yet, now you will certainly know and imagine what it is and how they work!

Viruses are a kind of malicious software that performs various unauthorized actions in your OS (Operating System), it all depends on its purpose. Basically, a virus is a program code that gives your computer certain commands that the computer executes. How this happens and how viruses are written, we will talk with you in the article “Virus commands and how it works” Well, that’s all about viruses for now, let’s move on to the next type, these are worms.

Worms

Worms what is it and how does it work? This is also malicious software that contains a “code” of a slightly different plan, namely, the main difference is self-reproduction (copying itself), each copy of it retains its inherited self-reproduction properties! Which is very bad for your computer speed.

Trojans

Trojans are programs designed and written specifically for the specific "needs" of an attacker. For example, a Trojan can easily copy your data (eg passwords, or other information from your computer).

I would like to note that such programs can also modify or block information or even a whole system of commands on your computer! Be careful, these are very dangerous and harmful programs that can cause serious consequences. Let me give you an example, let's say your computer, after visiting the Internet, picked up a "trojan" and your antivirus found it in you, you think they say, well, I'll delete it and that's it! At first glance, everything is logical as they picked it up and deleted it, it would seem fearless!

And as I already wrote, if you read carefully, then such a program can modify information and commands (Change, make changes) and it turns out that the Trojan was removed, and it has already done its job by changing a number of commands in your system or its settings. What could this turn out to be? Yes, absolutely at least everything depends on the code and what changes it brought to the system of your PC.

These are the pies, dear readers! Well, I would like to write how a Trojan differs from a simple virus. The main difference is that such Trojans do not copy "themselves" (do not create copies of themselves). Well, let's move on with the Trojans!

The next type is rather tricky programs and they are referred to by type as "Malware utilities" This is one of the most complex types programs as these programs can be both useful and harmful. And of course, how am I without an example :)

Malicious utilities

I will give an example, such a program is installed on your PC ( Personal Computer) and then it may not harm your computer at all, but as always there is a but. Such a program can hack another computer's security system from yours! Do you represent? Sit means you drink your seagulls, watch a movie, and in the meantime, the processor of your machine processes commands that bypass the protection system of another computer, there are few such utilities, but they already exist and I have come across them! And this is how you understand far from everything about this type, but for now let's finish this and move on to another type.

Adware, Pornware and Riskware

Adware, Pornware and Riskware are a little more complicated and a little more detailed. So what is this malware? Heh, I'll try to be as clear as possible. Let's start... This is definitely a conditional range of malware, since it can be both harmful and completely useful programs, Let's give an example again for clarification? Everything will be clearer with the example. Let's say you are a System Administrator and you need to install a remote system administration program for computers, for those who are not very familiar with this I will write briefly. This is the ability to control another computer from a distance, through local network(Special cable) or internet. So here in this case everything is fine as you need it to simplify the operation and maintenance of other PCs. But imagine if in the role system administrator there will be an attacker who wants to get into this his other idea of ​​exploiting this loophole?

That's all briefly described, in more detail I will write many more articles on this type, how it all works, and how to implement it all and protect against such threats.

Nowadays, even a person who is not connected with computers knows approximately what a computer virus is. However, not everyone knows that computer viruses are only part of malicious software. In fact, not every program that can adversely affect the operation of a computer is a virus. That is what I would like to focus on in this article. We will be dividing malware as such into classes and types.

As a rule, each anti-virus corporation has its own classification according to which the experts of its laboratory determine the belonging of a new malicious code. I think many have noticed that different corporations will have different names for the same code. It is the difference in classifications that is to blame. But let's not beat around the bush, but let's get right down to business. Today we will use the classification of the laboratory of Eugene Kaspersky (I think there is no need to explain who he is;)). Malicious software is divided into four large groups, which, in turn, are divided into classes. So, let's start in order.

Network worms

Of late, network worms seem to have lost their popularity among virus writers. And can the activists of this “movement” be called the real creators of viruses? I think not. Most of these people are schoolchildren or students who, in one way or another, fall into the hands of Trojan designers. And the occurrence of truly worthy specimens of worms that really would properly perform their malicious functions has been reduced to a minimum. Take, for example, the security bulletin of Kaspersky Lab for the first half of 2006 (see Fig. 1). The diagram clearly shows which of the malware groups prevails. Well, okay, we are talking about network worms. A network worm is a malicious program code that spreads its copies over local and/or global networks in order to penetrate the victim computer, launch its copy on this computer and further spread. To propagate, worms use e-mail, ISQ, P2P and IRC networks, LANs, and data exchange networks between mobile devices. Most worms are distributed in files (an attachment to an email, a link to a file, etc.). But there are also worms that spread in the form of network packets. Such varieties penetrate directly into the computer's memory and immediately begin to act resident. To penetrate the victim computer, several methods are used: independent (packet worms), user (social engineering), as well as various security holes in the operating system and applications. Some worms have the properties of other types of malware (most often Trojans). Now, perhaps, in more detail on the classes of network worms:

Mail worms (Email-Worm). This class network worms use email to spread. In this case, the worm sends a letter to the victim with an attached code body, or the letter contains a link to a resource (infected, of course). Worms use to send messages the following ways: direct connection to the SMTP server using the mail library built into the worm's code; use of MS Outlook services; usage Windows features MAPI.

To search for addresses of victims, the MS Outlook address book is most often used, but the WAB address database can also be used. The worm can scan files stored on disks and extract from them lines related to e-mail addresses. Worms can send copies of themselves to all addresses found in mailbox(some have the ability to respond to letters in the mailbox). There are instances that can combine methods.

Worms that use Internet pagers (IM-Worm). Known computer worms of this type use the only distribution method - sending messages to detected contacts (from the contact list) containing a URL to a file located on any web server. This technique almost completely repeats the similar method of distribution used by mail worms.

Worms in IRC channels (IRC-Worm). Worms of this class use two types of distribution: sending a URL link to the body file to the user; sending a file to the user (the user must confirm receipt).

Worms for file sharing networks (P2P-Worm). The mechanism of most of these worms is quite simple: to infiltrate a P2P network, a worm just needs to copy itself to a file exchange directory, which is usually located on the local machine. The P2P network takes care of the rest of the work on its distribution - when searching for files on the network, it will inform remote users about this file and provide all necessary service to download it from an infected computer.

There are more sophisticated P2P worms that imitate the network protocol of a specific file-sharing system and positively respond to search requests (while the worm offers a copy of itself for downloading).

Using the first method, the worm searches the network for machines with writable resources and copies them. However, it can randomly find computers and try to open access to resources. To penetrate the second method, the worm looks for computers with installed software that has critical vulnerabilities. Thus, the worm sends a specially crafted packet (request), and part of the worm penetrates the computer, after which it downloads the full body file and launches it for execution.

Classic viruses

When a professional says "virus" they are referring to this type of malware. Viruses, unlike worms, do not network services to distribute their copies. A computer virus, as a rule, gets on a victim computer for reasons that do not depend on the functionality of the code. Usually the user is to blame, who does not check the information that enters the computer with an antivirus program, as a result of which, in fact, infection occurs. There are quite a few ways to "pick up" a classic virus:

  • external storage media;
  • Internet resources;
  • files distributed over the network (LAN, Internet).

A classic computer virus may have the properties of other types of malware (for example, a Trojan horse destroying information on a disk). Viruses are divided into classes according to their habitat, and these classes, in turn, are divided into subclasses according to the mode of infection. So, according to the environment, viruses are divided into file, boot, macro and script viruses. File viruses are used to infect file system OS. They are embedded in executable files in various ways, create duplicate files, and so on.

Overwriting viruses (Overwriting). The most common way of infection. The virus rewrites the program code (replaces it with its own), after which, of course, the file stops working. A file infected by this method cannot be recovered. The overwrite virus quickly reveals itself as the infected system (or program) ceases to function.

Companion viruses. This method implies the creation of a duplicate file, while the code of the victim file does not change. Usually, the virus changes the file extension (for example, from .exe to .com), then creates a copy of itself with a name identical to the name of the victim file, and gives it an extension that is also identical. An unsuspecting user launches their favorite program and does not suspect that it is a virus. The virus, in turn, infects a few more files and launches the program requested by the user.

There are other methods of infection, but they are so rare that we will only list them: viruses that infect object modules (OBJ); Viruses that infect compiler libraries (LIB); viruses that infect program source code. Known for this moment boot viruses infect the boot sector floppy disk and the boot sector or Master Boot Record (MBR) of the hard drive. The principle of operation of boot viruses is based on the algorithms for starting the operating system when the computer is turned on or restarted - after the necessary tests installed equipment(memory, disks, etc.) the system boot program reads the first physical sector boot disk(A:, C: or CD-ROM depending on the options set in BIOS Setup) and transfers control to it. When infecting disks, boot viruses “substitute” their code for some program that takes control when the system boots. Thus, the principle of infection is the same in all the methods described above: the virus “forces” the system, when it is restarted, to read into memory and give control not to the original bootloader code, but to the virus code. Floppy disks are infected by the only known method - the virus writes its own code instead of the original boot-sector code of the diskette. Winchester gets infected with three possible ways: the virus is written either instead of the MBR code, or instead of the boot sector code of the boot disk (usually the C: drive), or it modifies the address of the active boot sector in the Disk Partition Table located in the MBR of the hard drive. When a disk is infected, the virus in most cases transfers the original boot sector (or MBR) to some other sector of the disk (for example, to the first free one). If the length of the virus is greater than the length of the sector, then the first part of the virus is placed in the infected sector, the remaining parts are placed in other sectors (for example, in the first free ones). Macro viruses mainly infect MS Office documents. In this case, the virus adds its code to the macro area of ​​the document. The location of the virus code in the documents of different applications of the package described above is different, so it can only be represented schematically (see Fig. 2). Script viruses are viruses written in script languages ​​(VBS, JS, BAT, PHP, etc.). They infect files with a fairly wide range of extensions: from .exe to .html.

RELATED ARTICLES