Computer viruses can be classified into several different types. The first and most common type is the virus which infects any application program. On IBM PC’s and clones running under PC-DOS or MS-DOS, most programs and data which do not belong to the operating system itself are stored as files. Each file has a file name eight characters long, and an extent which is three characters long. A typical file might be called “TRUE.TXT”, where “TRUE” is the name and “TXT” is the extent. The extent normally gives some information about the nature of a file—in this case “TRUE.TXT” might be a text file. Programs must always have an extent of “COM”, “EXE”, or “SYS”. Under DOS, only files with these extents can be executed by the central processing unit. If the user tries to execute any other type of file, DOS will generate an error and reject the attempt to execute the file.
Since a virus’ goal is to get executed by the computer, it must attach itself to a COM, EXE or SYS file. If it attaches to any other file, it may corrupt some data, but it won’t normally get executed, and it won’t reproduce. Since each of these types of executable files has a different structure, a virus must be designed to attach itself to a particular type of file. A virus designed to attack COM files cannot attack EXE files, and vice versa, and neither can attack SYS files. Of course, one could design a virus that would attack two or even three kinds of files, but it would require a separate reproduction method for each file type.
The next major type of virus seeks to attach itself to a specific file, rather than attacking any file of a given type. Thus, we might call it an application-specific virus. These viruses make use of a detailed knowledge of the files they attack to hide better than would be possible if they were able to infiltrate just any file. For example, they might hide in a data area inside the program rather than lengthening the file. However, in order to do that, the virus must know where the data area is located in the program, and that differs from program to program.
This second type of virus usually concentrates on the files associated to DOS, like COMMAND.COM, since they are on virtually every PC in existence. Regardless of which file such a virus attacks, though, it must be very, very common, or the virus will never be able to find another copy of that file to reproduce in, and so it will not go anywhere. Only with a file like COMMAND.COM would it be possible to begin leaping from machine to machine and travel around the world.
The final type of virus is known as a “boot sector virus.” This virus is a further refinement of the application-specific virus, which attacks a specific location on a computer’s disk drive, known as the boot sector. The boot sector is the first thing a computer loads into memory from disk and executes when it is turned on. By attacking this area of the disk, the virus can gain control of the computer immediately, every time it is turned on, before any other program can execute. In this way, the virus can execute before any other program or person can detect its existence.