TYPES OF VIRUS
- A "boot sector" virus occupies the boot sector of a floppy or hard disk and loads itself into memory during the boot-up sequence. Once in memory, it will attempt to infect the boot sector of any floppy disk used in the computer.
- An "executable load" virus is a type of virus which attaches itself to executable files and runs when the program is started. Once in memory, it will attempt to infect other program files by attaching itself to them.
- A "polymorphic virus" is a virus which encrypts itself, changing its viral "signature" each time using a "mutation engine" in an attempt to evade detection and destruction.
- A "MACRO" virus is one which is written in a programming language embedded inside another program, such as a word processor. The commonest program suite targeted by MACRO viruses is the Microsoft Office group of applications, with the "Concept" and "Laroux" viruses targeting Word and Excel, but any program which hosts a complex embedded macro programming language could be used to write such a virus.
Types of Payload
- Viruses with non-destructive payloads play tunes, display banner messages or pop-up messages without causing any data loss, but they are a distraction, and they still need to be removed.
- Random destruction, where the virus changes odd bytes on disk or in memory, alters keystrokes at random, or messes around with the display.
- Heavy destruction - the virus can cause the destruction of hard or floppy disks by low-level format, or data loss by wiping out a PC's File Allocation Table (FAT).
- A new generation of viruses has a payload of Network Exploitation: they use the Internet to copy themselves, and are more like "worms" than viruses. The notorious Melissa virus, which spread to a large number of computers in 1999, worked by infecting Microsoft Word 97 documents, then using Microsoft Outlook email software to email itself as an attachment to 50 people chosen from the infected user's email address book.
Getting Infected
Here are some of the ways of getting infected by a virus. Good A/V counter-measures start by recognizing the risk of infection from each source and taking appropriate steps in prevention.
- The commonest cause of infection is shared floppy disks, but archive tapes and CD-ROMs can also be infected.
- Any form of pirate software or warez, either downloaded from the Internet or BBSs, purchased or swapped with other warez traders.
- Freeware or shareware software from a bulletin board, sometimes even when it appears to be from a trusted source.
- Freeware or shareware from sources on the Internet, even when it appears to be from a trusted source.
- Any form of email attachment, whether a program or a document, is now suspect.
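The last item treats both program and document attachments as suspect. As an added example (not from the original post), the following Python sketch lists the attachments of a message and flags those whose content, rather than filename, identifies them as a DOS/Windows executable or an OLE2 document, the Word 97 / Excel 97 container format that can carry macros. The sample message, addresses and filenames are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import Optional

# Leading "magic" bytes of the two attachment kinds the list above calls out.
MAGIC = [
    (b"MZ", "executable program"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 document (may carry macros)"),
]

def classify(data: bytes) -> Optional[str]:
    """Return a label if the content starts with a known magic value."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return None

def suspect_attachments(raw: bytes) -> list:
    """Return (filename, label) for each attachment identified by content."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        label = classify(data)
        if label:
            findings.append((part.get_filename() or "(unnamed)", label))
    return findings

def build_sample() -> bytes:
    """Constructed message; attachment bodies are zero filler after the magic."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 32,
                       maintype="application", subtype="msword",
                       filename="list.doc")
    # Mislabelled on purpose: the name says image, the content says program.
    msg.add_attachment(b"MZ" + b"\x00" * 32, maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, label in suspect_attachments(build_sample()):
        print(f"{name}: {label}")
```

A hit only says what kind of file arrived; whether it is infected is still a job for the virus scanner.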