CISSP® Official Study Guide, Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

File Infector Viruses

Many viruses infect different types of executable files and trigger when the operating system attempts to execute them. For Windows-based systems, the names of these files end with .exe and .com extensions. The propagation routines of file infector viruses may slightly alter the code of an executable program, thereby implanting the technology the virus needs to replicate and damage the system. In some cases, the virus might actually replace the entire file with an infected version. Standard file infector viruses that do not use cloaking techniques such as stealth or encryption (see the section “Virus Technologies” later in this chapter) are often easily detected by comparing file characteristics (such as size and modification date) before and after infection or by comparing hash values. The section “Antivirus Mechanisms” provides technical details of these techniques.

A variation of the file infector virus is the companion virus. These viruses are self-contained executable files that escape detection by using a filename similar to, but slightly different from, a legitimate operating system file. They rely on the default filename extensions that Windows-based operating systems append to commands when executing program files (.com, .exe, and .bat, in that order). For example, if you had a program on your hard disk named game.exe, a companion virus might use the name game.com. If you then open a Command tool and simply type GAME, the operating system would execute the virus file, game.com, instead of the file you actually intended to execute, game.exe. This is a very good reason to avoid shortcuts and fully specify the name of the file you want to execute.
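
The two checks described above, as an added example that is not from the book: a Python sketch that flags same-named executables in one directory where the .com, .exe, .bat order would run a different file than intended, and that compares size, modification time and SHA-256 before and after a change. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Extension order as stated in the text above.
SEARCH_ORDER = (".com", ".exe", ".bat")

def find_shadowed(directory):
    """Return {basename: (file that runs, [files it shadows])} for names that
    exist with more than one executable extension in `directory`."""
    by_base = defaultdict(list)
    for entry in os.listdir(directory):
        base, ext = os.path.splitext(entry)
        if ext.lower() in SEARCH_ORDER and os.path.isfile(os.path.join(directory, entry)):
            by_base[base.lower()].append(entry)
    findings = {}
    for base, names in by_base.items():
        if len(names) > 1:
            names.sort(key=lambda n: SEARCH_ORDER.index(os.path.splitext(n)[1].lower()))
            findings[base] = (names[0], names[1:])
    return findings

def fingerprint(path):
    """Record the characteristics the text mentions: size, date and hash."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime": st.st_mtime_ns, "sha256": digest}

def changed_fields(baseline, current):
    """Names of the recorded characteristics that differ from the baseline."""
    return sorted(k for k in baseline if baseline[k] != current[k])

def demo():
    """Build constructed sample files, then run both checks on them."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("game.exe", "game.com", "notes.txt", "tool.bat"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"constructed sample: " + name.encode())
        target = os.path.join(d, "game.exe")
        before = fingerprint(target)
        with open(target, "ab") as f:  # simulate a modified executable
            f.write(b" appended bytes")
        return find_shadowed(d), changed_fields(before, fingerprint(target))

if __name__ == "__main__":
    print(demo())
```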
