Windows Dos
Com EXE
Appending Viruses
Windows Windows Windows Windows
HTML
Fred Cohen
Symantec Norton Anti Virus
Sara Cordo
com EXE EXE com EXE
Virus Scan Network Associates 570 00
5000 3500 98%
Trend Micro 3 1
[Chart: yearly values for 1989 to 1999; data labels 35117, 14678, 9038, 4003, 3113, 2806, 2477, 1726, 817, 162, 65]
2000 160 1000
25
21
80%
68%
(Beep) Form
Michelangelo Michelangelo Buonarroti
Assembly Language Java C
bacterium
WINDOWS DOS
IBM DOS (Intel)
WINDOWS DOS
COM EXE EXE COM 4KB 4KB
(OVL) COM 256 COM PSP DOS (Program Segment Prefix)
PSP
64 KB
COM
EXE EXE
(PSP) DOS 512 EXE DOS
EXE
(64 KB) (64 KB) (64 KB)
EXE
COM OBJ DLL SYS EXE
Appending Viruses
(Appending) (Prepending) SYS EXE COM
{ (Espawn)} COM DTA EXE Espawn COM
MOV ah , 9EH ;DTA+1EH, Com File Name
MOV ah , 3CH ;DOS File Create Function
MOV cx , 2 ;hidden attribute
INT 21H
MOV ah , 40H ;DOS File Write Function
MOV CX ,Finish-Espawn ;Size of Virus
MOV dx , 100H ;Location of Virus
INT 21H
Espawn
WINDOWS WINDOWS DOS Microsoft Windows
NT 9X WINDOWS 9X Windows ME NT Windows 2000 DOS WINDOWS
WINDOWS WINDOWS 3.X
WINDOWS WINDOWS WINDOWS Win Vir 1992 EXE WINDOWS 3.0 (Application Program Interface) API EXE DOS
Boza 1996 WINDOWS 95 32
Boza VLAD WINDOWS
WINDOWS Win32.Kriz PE Kriz 25 CIH WINDOWS 9X KRZIED.TT6 WININIT.INI KERNEL32.DLL API
Win95.Prizzy Prizzy Prizzy WINDOWS
486 Pentium (multimedia extension) MMX
Prizzy Win32.Legacy Win32.Thorin
HTML JavaScript Java ActiveX browser add-ons
HTML
HyperText Markup Language HTM SGML HTML Standard Generalized Markup Language
HTML
Tags
Links
HTML
<HTML>
<HEAD>
<TITLE>Tiny HTML document</TITLE>
</HEAD>
<BODY>
<P>Hello World!
</BODY>
</HTML>
HTML
HTML
<IMG SRC="graphics/picture.gif"> picture.gif IMG SRC graphics
<A HREF="http://www.myexample.com/index.html">
A HREF