1、 一、英文原文 Virus Introduction Viruses will cause much confusion. Even some virus “experts” will misinform the cause of the virus. Lets define what we mean by virus. A virus is a program that reproduces its own code by attaching itself to other executable files, so the virus code is executed when the in
2、fected executable file is executed. Here, the program (COM or EXE file) refers to an executable file. To attach might mean physically adding to the end of a file, inserting into the middle of a file, or simply placing a pointer to a different location on the disk somewhere where the virus can find i
3、t. Most viruses place self-replicating codes in other programs, so that when those other programs are executed, even more programs are infected with the self-replicating codes. These self-replicating codes, when caused by some event, may do a potentially harmful act to your computer. The macro porti
4、on of a data file maybe much more critical (e.g., a Microsoft Word document), but less obvious. More recently, scripts written for Internet web sites and/or included in E-mail can also be executed and infected. Similar to viruses, you can also find malicious codes in Trojan Horses, worms, and logic
5、bombs. Virus Behavior Infection Phase Viruses have many different forms, but they all potentially have two phases to their execution: the infection phase and the attack phase. Now we firstly discuss the infection phase. When the virus executes it can infect other programs. Some viruses infect other
6、programs each time they are executed; other viruses infect only upon a certain cause. This cause could be anything, a day or time, an external event on your PC, a counter within the virus, etc. Virus writers want their programs to spread as far as possible before anyone notices them. Many viruses go
7、 resident in the memory of your PC (like TSR). The virus may silently resident in memory waiting for you to access a diskette, copy a file, or execute a program, before it infects anything. Because the cause condition they use for their infection is hard to guess, viruses are more difficult to analy
8、ze. Resident viruses frequently take over portions of the system software on the PC to hide their existence. This technique is called stealth. Polymorphic techniques also help viruses to infect yet avoid detection. Note that worms often take the opposite approach and spread as fast as possible. Whil
9、e this makes their detection virtually certain, it also has the effect of slowing networks and denying access. Virus Behavior Attack Phase Many viruses do unpleasant things such as deleting files or changing random data on your disk, simulating typewriting or merely slowing your PC down; some viruse
10、s do less harmful things such as playing music or creating messages or animation on your screen. Just as the infection phase can be caused by some event, the attack phase also has its own cause. Does this mean a virus without an attack phase is benign? No. Most viruses have bugs in them and these bu
11、gs often cause unintended negative side effects. In addition, even if the virus is perfect, it still steals system resources. Viruses often delay revealing their presence by launching their attack only after they have had enough opportunity to spread. This means the attack could be delayed for days,
12、 weeks, months, or even years after the initial infection. The attack phase is optional, many viruses simply reproduce and have no cause for an attack phase. Does this mean that these are good viruses? No! Anything that writes itself to your disk without your permission is stealing storage and CPU c
13、ycles. This is made worse since viruses that just infect, with no attack phase, often damage the programs or disks they infect. This is not an intentional act of the virus, but simply a result of the fact that many viruses contain extremely poor quality code. An example, one of the most common past
14、viruses, Stoned, is not intentionally harmful. Unfortunately, the author did not anticipate the use of anything other than 360KB floppy disks. The original virus tried to hide its own code in an area of 1.2MB diskettes that resulted in corruption of the entire diskette (this bug was fixed in later v
15、ersions of the virus). Number of Viruses In 1990, estimates ranged from 200 to 500; then in 1991 estimates ranged from 600 to 1,000 different viruses. In late 1992, estimates were ranging from 1,000 to 2,300 viruses. In mid-1994, the numbers vary from 4,500 to over 7,500 viruses. In 1996 the number
16、climbed over 10,000. 1998 saw 20,000 and 2000 topped 50,000. Its easy to say there are more now. The confusion exists partly because its difficult to agree on how to count viruses. New viruses frequently arise from someone taking an existing virus that does something like put a message out on your screen saying Your PC is now stoned and changing it to say something like Donald Duck is a liar!. Is this a new virus? Most
