Text File | 1997-07-24 | 16KB | 323 lines
A
Anti-antivirus Virus
A virus that attacks, disables, or avoids infecting specific
anti-virus software. Also called a retrovirus.
Antivirus Virus
A virus that specifically looks for and removes another virus.
B
Back Door
A feature built into a program by its designer, which allows
the designer special privileges that are denied to the normal
users of the program. A back door in an EXE or COM
program, for instance, could enable the designer to access
special set-up functions.
Bimodal Virus
A virus that infects both boot records and files. Also called
bipartite or multipartite. See File-infecting virus and
Boot-sector-infecting virus.
Boot
To start a computer so that it is ready to run programs for the
user. A PC can be booted either by turning its power on, or
by pressing Ctrl+Alt+Del.
Boot Records
Those areas on diskettes or hard disks that contain some of
the first instructions executed by a PC when it is booting.
Boot records must be loaded and executed in order to load
the operating system. Viruses that infect boot records change
the boot records to include a copy of themselves. When the
PC boots, the virus program is run and will typically install
itself in memory before the operating system is loaded.
Boot-sector-infecting virus
Some viruses infect the boot records of hard disks and
diskettes. They typically do so by replacing the existing boot
record with their own code. The virus is executed when the
system is booted from the hard disk or diskette, and installs
its own code in the system's memory so that it can infect
other hard disks or diskettes later. Once that has happened,
the virus will usually execute the normal boot program, which
it stores elsewhere on the disk.
Bug
An error in the design or implementation of a program that
causes it to do something that neither the user nor the
program author had intended to be done.
C
CERT
Computer Emergency Response Team. These are the people
who are responsible for coordinating the response to virus
incidents in an organization.
Cluster virus
A virus that infects disks or diskettes by modifying their file
systems so that every program file entry points to the virus
code. The virus code only exists in one physical place on the
disk, but running any program on the disk will run the virus
as well. So, cluster viruses can appear to infect every program
on a disk.
COM File
A PC-DOS binary image that is loaded into memory. It has
restrictions in size and method of program load. It generally
loads somewhat faster than an EXE file and has a simpler
structure.
Companion virus
A virus that creates a new program with the same file name as
an existing program, but in a different place or with a different
file type, so that typing the program's name on the command
line causes the virus program to be executed instead of the
original program. For instance, a companion virus could
create a file named FOO.COM that contained its code, if a
program named FOO.EXE already existed. When the user
types FOO on the command line, FOO.COM would get
executed instead of FOO.EXE.
CRC
Cyclic Redundancy Code. A CRC is a type of checksum. A
checksum algorithm takes a file (or other string of bytes) and
calculates from it a few bytes (the checksum) that depend on
the entire file. The idea is that, if anything in the file changes,
the checksum will change. CRC checksums are usually used
to detect random, uncorrelated changes in files.
D
DOS
See PC-DOS.
E
EXE File
A PC-DOS executable file similar to a COM file, except that it
is not restricted in size (except for memory limitations), and
that it may contain relocatable code.
F
FAPI
See Family API.
Family API
An application programming interface which allows a
properly written program to work under both OS/2 and DOS.
Family API programs have an OS/2 fork, which contains
OS/2-specific code, and a DOS fork, which contains
PC-DOS-specific code. In many cases, PC-DOS viruses that
try to infect Family API applications get confused and end up
damaging the program. Infected Family API applications
often just do not work, rather than spread the infection.
File-infecting virus
Some viruses infect executable files. There are a variety of
mechanisms that they use to do so. Usually, the virus will get
control when the program is first executed. In most cases, the
virus will return control to the original program after it has
completed its own execution.
G
Garden of Eden Mechanism
A mechanism used only in the author's original copy of the
virus and not in subsequent generations of it. It is sometimes
possible to determine when a copy of a virus is the author's
original copy by noticing that such a mechanism is
functional. Also called a germ or generation one virus.
H
HICL
See High Integrity Computing Laboratory.
High Integrity Computing Laboratory
The group at the IBM Thomas J. Watson Research Center
responsible for IBM AntiVirus research and development.
The group carries out studies of viral spread and behavior,
and develops customer solutions.
I
IBM AntiVirus
IBM's premier anti-virus software for DOS, Windows,
Windows 95, Windows NT, OS/2 and Novell NetWare. It is a
standard part of IBM AntiVirus Services. Versions are
available for use on individual PCs, for installation on client
PCs from network servers, and for execution on client PCs
from network servers.
Integrity
That aspect of security that deals with the correctness of
information or its processing. An attack on integrity would
seek to erase a file that should not be erased, alter an element
of a database improperly, corrupt the audit trail for a series of
events, propagate a virus, etc.
I/S
Information Systems. This usually refers to the organization
which is responsible for the internal computing systems of an
enterprise.
L
Logic Bomb
A Trojan Horse, which is left within a computing system with
the intent of it executing when some condition occurs. The
logic bomb could be triggered by a change in a file, by a
particular input sequence to the program, or at a particular
time or date (see Time Bomb). Logic bombs get their name
from malicious actions that they can take when triggered.
M
Malicious Code
Any program or piece of code designed to do damage to a
system or the information it contains, or to prevent the
system from being used in its normal manner.
Master Boot Records
Those boot records on PC hard disks that define the
structure of the information on the disk. There is only one
master boot record on each physical hard disk. Each logical
disk drive (C:, D:, etc.) has a system boot record associated
with it. See Boot Records and System Boot Records.
Mutant
See Variant.
MBR
See Master Boot Records.
O
OS/2
An operating system sold by IBM for the IBM PC and
compatible computers. It is a multi-tasking operating system
which can run many PC-DOS and Windows programs.
P
PC
As used in this document, PC refers to any IBM PC or
PC-like computer.
PC-DOS
An operating system sold by IBM for the IBM PC and
compatible computers. Microsoft Corp. produces a
functionally similar version of this operating system called
MS-DOS. Viruses that infect PC-DOS systems almost always
infect MS-DOS systems, and vice versa.
Polymorphic viruses
A self-garbling virus whose degarbling header changes each
time it spreads. These viruses are intended to be difficult to
detect, though this is rarely the case in practice.
R
Resident Extension
In PC-DOS, programs can install a part of themselves in
memory, and this part can remain active after the program has
ended. This memory resident part is called a resident
extension, since it is effectively an extension to the operating
system. Many viruses install themselves as resident
extensions, which will then look for files to infect when those
files are accessed or executed later.
Rogue Program
This term has been used in the popular press to denote any
program intended to damage programs or data, or to breach
the security of systems. As such, it encompasses malicious
Trojan Horses, logic bombs, viruses, and so on.
S
Self-Encrypting Viruses
See Self-Garbling Viruses.
Self-Extracting Files
A file which, when run, decompresses part of itself into one
or more new files. It is common to store and transmit groups
of files in a self-extracting file to conserve both disk space
and transmission time. If infected files are compressed into a
self-extracting file, anti-virus programs that only scan files
will not necessarily be able to detect the virus. To scan such
files, you must first extract and then scan their constituent
files.
Self-Garbling Viruses
Some viruses attempt to hide from virus scanning programs
by keeping most of their code garbled in some way, and
changing the garbling each time they spread. When such a
virus runs, a small header degarbles the body of the virus and
then branches to it.
Signature
A search pattern, often a simple string of bytes, that is
expected to be found in every instance of a particular virus.
Usually, different viruses have different signatures.
Stealth Viruses
Some viruses attempt to hide from detection programs by
hiding their presence in boot records or files. When such
viruses are run, they install a resident extension. This
resident extension intercepts various disk accesses,
determines if its own code is part of the disk access, and
removes the code before giving the data to the calling
program. The result is that the virus can be in several places
on the disk, but normal reads of the disk will not reveal it.
System Boot Records
Each logical PC-DOS or OS/2 drive (e.g. C:, D:, etc.) has a
system boot record associated with it. The system boot
record contains code that tells the system about that logical
drive and tables that contain an index to the files on it.
T
Time Bomb
A logic bomb activated at a certain time or date.
Trojan Horse
Any program designed to do things that the user of the
program did not intend to do. An example of this would be a
program which simulates the logon sequence for a computer
and, rather than logging the user on, simply records the
user's userid and password in a file for later collection. Rather
than logging the user on (which the user intended), it steals
the user's password so that the Trojan Horse's designer can
log on as the user (which the user did not intend).
TSR
Terminate and Stay Resident. A PC-DOS program which
installs a resident extension (see Resident Extension) and
then terminates.
V
Variant
A modified version of a virus that is usually produced on
purpose by a virus author or by someone who modifies the
original virus. Variants may be very similar to their parent
virus, or may be fairly different. Some are text variants, which
means that the only differences between them and their
parent virus are in internal program comments that are never
displayed, or in text that is displayed to the screen. Some are
the result of small changes made to the original virus,
apparently to create a new virus which is not detected by
certain anti-virus programs. Some are the result of large
changes, such as combining the spreading part of one virus
with the damage part of another.
Virus
A program that can infect other programs by modifying them
to include a (possibly evolved) copy of itself. Note that a
program need not perform malicious actions to be a virus; it
need only infect other programs. Many viruses that have
been encountered, however, do perform malicious actions.
(Note: There is no formal Latin plural of the word virus.
Hence, the preferred plural is the English form: viruses.)
Vx
This term is shorthand for Virus Exchange. It is most often
applied to electronic bulletin board systems where viruses are
made available for download (a VxBBS).
W
Worm
A program that makes copies of itself elsewhere in a
computing system. These copies may be created on the same
computer, or may be sent over networks to other computers.
The first use of the term described a program that copied
itself benignly around a network, using otherwise-unused
resources on networked machines to perform distributed
computation. Some worms are security threats, using
networks to spread themselves against the wishes of the
system owners and disrupting networks by overloading
them.
Z
ZIP Files
Files compressed with the PKZIP compression program.
PKZIP is a popular compression program. Many virus
scanners today, including IBM AntiVirus, can scan inside of
ZIP files. (Also see Self-Extracting Files.)