Characteristics and classification of computer viruses

Computer viruses have the following characteristics:

(1) parasitism;

(2) infectivity;

(3) latency;

(4) concealment;

(5) destructiveness;

(6) triggerability.

Computer viruses can be classified in many ways according to their characteristics, so the same virus may fall under several different classifications.

1. Classification by the system the virus attacks

(1) Viruses that attack DOS systems. These viruses appeared earliest and are the most numerous, with the most variants. At present, the computer viruses appearing in China are basically of this kind, accounting for 99% of the total number of viruses.

(2) Viruses that attack Windows systems. Because of the popularity of the Windows graphical user interface (GUI) and multitasking operating system, Windows is gradually replacing DOS and is thus becoming the main target of virus attacks. CIH, the first virus found to damage computer hardware, is a Windows 95/98 virus.

(3) Viruses that attack UNIX systems. UNIX is now widely used, and many large systems use UNIX as their main operating system, so the emergence of UNIX viruses is also a serious threat to human information processing.

(4) Viruses that attack OS/2 systems. The first virus attacking OS/2 has already been found in the world; although simple, it is an ominous sign.

2. Classification by the type of machine the virus attacks

(1) Viruses that attack microcomputers. These are the most widespread viruses in the world.

(2) Viruses that attack minicomputers. Minicomputers have a wide range of applications: they can serve as nodes of a network and also as the hosts of small computer networks. At first, people thought that computer viruses could occur only on microcomputers and that minicomputers would not be invaded by viruses. However, after the Internet was attacked by a worm program in November 1988, people realized that minicomputers are not immune to computer viruses either.

(3) Viruses that attack workstations. In recent years, computer workstations have made great progress and their range of applications has grown considerably, so it is not hard to imagine that viruses attacking workstations are also a great threat to information systems.

3. Classification by linking mode

A computer virus must have an object to attack in order to attack a computer system, and that object is the executable part of the computer system.

(1) Source-code virus

This virus attacks programs written in high-level languages. The virus is inserted into the source program before the program written in a high-level language is compiled, and so becomes part of the legitimate compiled program.

(2) Embedded virus

This virus embeds itself into an existing program, linking the main body of the virus to the object it attacks by insertion. This kind of virus is difficult to write, and it is difficult to remove once it has invaded the program body. If polymorphic virus technology, super virus technology and stealth virus technology are used at the same time, it poses a severe challenge to current anti-virus technology.

(3) Shell virus

Shell viruses wrap themselves around the main program without modifying the original program. This kind of virus is the most common; it is easy to write and also easy to detect, since generally checking the size of the file is enough to reveal it.

(4) Operating system virus

This virus adds its own code to the operating system or replaces part of it. It is very destructive and can paralyze the whole system. The "Point" virus and the "cannabis" virus are typical operating system viruses.

When such a virus runs, it replaces legitimate program modules of the operating system with its own logic. How it damages the operating system depends on the characteristics of the virus itself, the position and role of the replaced module within the operating system, and the way the virus carries out the replacement.
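The file-size check mentioned above for shell viruses, as an added example that is not part of the original article: it records a baseline of each program file's size and SHA-256 hash and later reports files that grew. The hash comparison goes beyond the size test in the text, since a change made in place leaves the size untouched; the function names, file names and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(directory):
    """Record (size, SHA-256) for every regular file in a directory."""
    state = {}
    for p in sorted(Path(directory).iterdir()):
        if p.is_file():
            data = p.read_bytes()
            state[p.name] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def compare(baseline, current):
    """Classify each baselined file: ok, grew, changed or missing."""
    report = {}
    for name, (old_size, old_hash) in baseline.items():
        new_size, new_hash = current.get(name, (None, None))
        if new_size is None:
            report[name] = "missing"
        elif new_size > old_size:
            report[name] = f"grew by {new_size - old_size} bytes"
        elif new_hash != old_hash:
            report[name] = "changed without growing"
        else:
            report[name] = "ok"
    return report


def demo():
    # Constructed stand-in files; no real programs are read or modified.
    samples = {"A.COM": b"\x90" * 100, "B.EXE": b"MZ" + bytes(98), "C.COM": b"\xc3" * 50}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            (Path(d) / name).write_bytes(body)
        baseline = snapshot(d)
        with open(Path(d) / "A.COM", "ab") as fh:   # bytes added: size grows
            fh.write(b"\xcc" * 32)
        with open(Path(d) / "B.EXE", "r+b") as fh:  # overwritten in place
            fh.seek(10)
            fh.write(b"\xcc" * 8)
        return compare(baseline, snapshot(d))


if __name__ == "__main__":
    print(demo())
```

A size-only baseline would report B.EXE as unchanged, which is why the hash is stored alongside the size.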

4. Classification by the harm the virus causes

According to the degree of damage, computer viruses can be divided into two categories:

(1) Benign computer virus

A benign virus is one that contains no code that immediately and directly damages the computer system. To show its existence, such a virus just keeps spreading from one computer to another without destroying the data in the computer. Some people do not take this kind of virus seriously and think it is just a prank of no consequence. In fact, benign and malignant are relative. After a benign virus gains control of the system, the whole system and its applications have to compete with it for control of the CPU, which will always lead to deadlock of the whole system and disrupt normal operation. Sometimes several viruses cross-infect within a system, and a file is repeatedly infected by several viruses. For example, with an original storage space of only 10 KB, the whole computer system can no longer work normally because of the various viruses. Therefore, the damage that so-called benign viruses cause to computer systems must not be underestimated.

(2) Malignant computer virus

A malignant virus is one whose code contains operations that damage and destroy the computer system, so that it directly destroys the system when it infects or activates. There are many such viruses, for example the Michelangelo virus. When the Michelangelo virus activates, the first 17 sectors of the hard disk are completely destroyed, so that the data on the whole hard disk cannot be recovered and the losses are irreparable. Some viruses also format the hard disk. These operations are deliberately written into the virus and are part of its nature. This kind of malignant virus is therefore very dangerous and should be guarded against. Fortunately, an anti-virus system can identify the presence of a computer virus by monitoring for this abnormal behavior in the system, or at least raise an alarm to warn the user.

5. Classification by where the virus resides or what it infects

Infectivity is the essential attribute of a computer virus. Viruses can be classified by where they reside or what they infect, that is, by their mode of infection, as follows:

(1) Computer viruses that infect the disk boot area

A virus that infects the boot area of a disk replaces the normal boot record with all or part of its own logic and hides the normal boot record elsewhere on the disk. Because the boot area is a prerequisite for normal use of the disk, this kind of virus gains control at the very start of operation (for example at system startup) and is highly contagious. Because important information needed in operation is stored in the boot area of the disk, if the relocated normal boot record is not protected, the boot record will be destroyed during operation. There are many boot-area viruses, such as the "marijuana" and "small ball" viruses.

(2) Computer viruses that infect the operating system

The operating system is the supporting environment in which a computer system runs. It includes many executable programs and program modules, such as .COM and .EXE files. A virus that infects the operating system resides in and spreads through programs and program modules provided by the operating system. Since it is usually part of the operating system, this kind of virus is ready to be triggered at any time once the computer starts working. The openness and incompleteness of the operating system make such viruses possible and aid their spread. Viruses that infect the operating system are already widespread, and "Black Friday" is one of them.

(3) Computer viruses that infect executable programs

A virus that infects executable programs usually resides inside an executable program. Once the program is executed, the virus is activated: the virus code runs first, stays resident in memory, and then sets its trigger condition for infection.

In fact, the three classes above can be reduced to two: computer viruses that infect the boot area, and computer viruses that infect executable files.
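The boot-area case described above lends itself to a baseline check; the following is an added example, not part of the original article. It compares sector 0 of a disk image with a known-good hash and, if it differs, searches the other sectors for the relocated original boot record. The 512-byte sector size, the function names and the disk images are assumptions constructed for the demonstration.

```python
import hashlib

SECTOR = 512  # assumed sector size in bytes


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_boot_sector(image: bytes, baseline_hash: str) -> dict:
    """Compare sector 0 of a disk image with a known-good baseline hash.

    If sector 0 changed, scan the other sectors for a copy of the original
    boot record, which a boot-area virus hides elsewhere on the disk.
    """
    if len(image) < SECTOR:
        raise ValueError("image shorter than one sector")
    boot = image[:SECTOR]
    result = {
        "has_signature": boot[510:512] == b"\x55\xaa",  # PC boot signature
        "modified": sha256(boot) != baseline_hash,
        "original_found_at": None,
    }
    if result["modified"]:
        for lba in range(1, len(image) // SECTOR):
            if sha256(image[lba * SECTOR:(lba + 1) * SECTOR]) == baseline_hash:
                result["original_found_at"] = lba
                break
    return result


def make_sector(fill: bytes) -> bytes:
    # Constructed 512-byte boot sector: filler plus the 0x55AA signature.
    return (fill * SECTOR)[:510] + b"\x55\xaa"


# Constructed sample data, not taken from a real disk.
CLEAN_BOOT = make_sector(b"GOODBOOT")
CLEAN_IMAGE = CLEAN_BOOT + bytes(SECTOR * 9)
# Same disk after sector 0 was replaced and the original moved to sector 7.
ALTERED_IMAGE = (make_sector(b"CHANGED!") + bytes(SECTOR * 6)
                 + CLEAN_BOOT + bytes(SECTOR * 2))
BASELINE = sha256(CLEAN_BOOT)

if __name__ == "__main__":
    print(check_boot_sector(CLEAN_IMAGE, BASELINE))
    print(check_boot_sector(ALTERED_IMAGE, BASELINE))
```

Note that the replaced sector still carries a valid boot signature, so the signature alone says nothing about whether the boot record is the original one.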

6. Classification by activation time

According to their activation time, computer viruses can be divided into timed and random viruses.

Timed viruses activate only at a certain time, while random viruses are generally not activated by the clock.

7. Classification by transmission medium

According to the medium through which they spread, computer viruses can be divided into stand-alone viruses and network viruses.

(1) Stand-alone virus

The carrier of a stand-alone virus is the disk. Typically the virus spreads from a floppy disk to the hard disk and infects the system, then infects other floppy disks, which in turn infect other systems.

(2) Network virus

The medium of a network virus is no longer a removable carrier but a network channel, which makes this kind of virus more contagious and more destructive.

8. Classification by parasitic mode and infection route

People are used to classifying computer viruses by their parasitic mode and infection route. By parasitic mode, computer viruses can be roughly divided into two types: boot viruses and file viruses. By infection route, they can be divided into memory-resident and non-memory-resident types, and the memory-resident type can be further subdivided by the way it stays resident in memory.

Mixed viruses combine the characteristics of boot viruses and file viruses.