General Security Concepts: Attacks • Chapter 2 83
■ Bootstrap Sector: Bootstrap sector viruses live on the first portion of the disk, known as the boot sector (this includes both hard and floppy disks). This virus replaces either the programs that store information about the disk’s contents or the programs that start the computer. This type of virus is most commonly spread via the physical exchange of floppy disks.
■ Multi-partite: Multi-partite viruses combine the functionality of the parasitic virus and the bootstrap sector viruses by infecting either files or boot sectors.
■ Companion: Instead of modifying an existing program, a companion virus creates a new program with the same name as an already existing legitimate program. It then tricks the OS into running the companion program, which delivers the virus payload.
■ Link: Link viruses function by modifying the way the OS finds a program, tricking it into first running the virus and then the desired program. This virus is especially dangerous, because entire directories can be infected. Any executable program accessed within the directory will trigger the virus.
■ Data File: A data file virus can open, manipulate, and close data files. Data file viruses are written in macro languages and automatically execute when the legitimate program is opened. A well-known type of data file virus is a macro virus like the Melissa virus that infected users of Microsoft Word 97 and Word 2000.
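A defensive check for the companion technique described above, as an added example that is not from the book. It assumes the classic DOS-style case in which the companion shares the legitimate program's base name but carries an extension the OS searches first; the search order, function names, and sample file names are assumptions.

```python
import os
import tempfile
from collections import defaultdict

# Assumed extension search order (DOS-style: COM before EXE before BAT).
# On a Windows host, substitute the order from the PATHEXT variable.
SEARCH_ORDER = (".com", ".exe", ".bat")


def find_companion_candidates(root, search_order=SEARCH_ORDER):
    """Return (directory, [names in run order]) for every base name that
    exists with more than one executable extension in the same directory."""
    rank = {ext: i for i, ext in enumerate(search_order)}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(list)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in rank:
                by_stem[stem.lower()].append(name)
        for _stem, names in sorted(by_stem.items()):
            if len(names) > 1:
                # First entry is the file the OS would pick for a bare name.
                names.sort(key=lambda n: rank[os.path.splitext(n)[1].lower()])
                findings.append((dirpath, names))
    return findings


def build_sample_tree(root):
    """Constructed sample data: empty files standing in for programs."""
    for rel in ("apps/EDIT.EXE", "apps/EDIT.COM", "apps/format.exe",
                "apps/readme.txt", "tools/backup.bat"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, names in find_companion_candidates(tmp):
            print(f"{directory}: '{names[0]}' shadows {names[1:]}")
```

A hit is a lead to investigate rather than proof of infection, since some legitimate software ships the same base name with more than one extension.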
Damage & Defense… End-User Virus Protection
As a user, you can prepare for a virus infection by creating backups of legitimate original software and data files on a regular basis. These backups will help to restore your system, should that ever be necessary. Using write-once media (CD-R or DVD-R) and activating the write-protection notch on removable media, such as a Universal Serial Bus (USB) disk or a floppy disk, will help to protect your backup copy against a virus.
You can also help to prevent a virus infection by using only software that has been received from legitimate, secure sources. Always test software on a “test” machine (either not connected to your production network or using a virtual machine) prior to installing it on any other machines to help ensure that it is virus-free.
www.syngress.com