Term
|
Definition
| Infects the Master Boot Record (MBR), which is the first program to run on the system. |
|
|
Term
|
Definition
| Wraps itself around an application’s code, inserting its own code before the application’s. Every time the application is run, the virus code is run first. |
|
|
Term
|
Definition
| Microsoft Office Application code, usually VB (Melissa is an example) |
|
|
Term
|
Definition
| Frequently changes itself on an infected system to avoid detection. |
|
|
Term
|
Definition
| When propagating, it mutates so it has a novel signature. |
|
|
Term
|
Definition
| Attempt to evade antivirus by intercepting requests to the operating system; an uninfected version of the file is returned from OS to the antivirus program so it looks legit. |
|
|
Term
| Overwriting File / Cavity Virus |
|
Definition
| Infect the inside of an existing program; preserve the file size, obfuscating infection. |
|
|
Term
|
Definition
| Scarier virus; can’t be signature scan; it has a variable key. |
|
|
Term
|
Definition
| Infect files which are executed or interpreted by the system, such as: COM, EXE, SYS, OVL, OBI, PRG, MNU and BAT; these can be direct action (non-resident) or memory-resident |
|
|
Term
|
Definition
| *One* copy of the virus infects *all* programs in the computer system. Modifies directory table entries; directory entries point to the virus code instead of the action program, execute the virus, and then execute the legitimate program; |
|
|
Term
|
Definition
| Infect only occasionally. |
|
|
Term
|
Definition
| Contains a legit version (such as notepad.exe) and an infected version; every time ‘good’ program is executed, virus is executed. |
|
|
Term
|
Definition
| Take advantage of the Windows Explorer setting ‘show file extensions for existing file types’ (unchecking it). Example: Bad.txt.vbs would show as bad.txt. |
|
|
Term
|
Definition
| Infect both files and the boot sector. |
|
|
Term
|
Definition
| Infect both files and the boot sector |
|
|
Term
|
Definition
| Append code to the end of infected file or tunnel out some space in the file. |
|
|
Term
| Direct action / Transient Virus |
|
Definition
| Stays in memory waiting to perform other activities. |
|
|
Term
| Terminate and Stay Resident Virus |
|
Definition
| Stays in memory waiting to perform other activities |
|
|
