Protecting against the FAT Virus

The FAT, short for File Allocation Table, is a mechanism employed by Microsoft and used in most Windows operating systems.  It's job is to keep track of all the contents on a disk.  The FAT is basically a chart which contains numbers that correspond to cluster addresses on a hard drive. 

FAT12, the oldest version of the File Allocation Table, uses a 12-bit binary system.  This type of system is no longer used to format a hard drive as the maximum volume size was quite limited.  If a computer running Windows 95 or higher displays the File Allocation Table as FAT12, it is likely that the hard drive is terribly corrupted and may be infected with a virus. 

A FAT virus can be rather dangerous as it infects a vital part of the computer's operational process.  It has the ability to prevent access to certain sections on the hard drive where important files are located.  As the virus spreads it's infection, these files or even entire directories can be overwritten and permanently lost. 

The Link Virus

Computer viruses are generally classified in accordance to what they infect, and the way they spread infection.  A common threat to the File Allocation Table is the link virus.  Instead of inserting a malicious code directly into infected files, it distributes itself by manipulating the method in which files are accessed by the FAT file system.  Once an infected file is executed, a link virus typically slithers into resident memory and writes a hidden file to the disk.  Subsequently, it alters the FAT in a way that cross-links other files to a sector of the disk that contains the viral code.  As a result, the operating system jumps to the original code and launches it whenever an infected file is run, granting complete control to the virus.

How Linking Works

The technique of cross-linking can be detected when a CHKDSK program is run, though a FAT virus could employ a stealth mode to conceal changes when it resides in the memory. 

Some of these viruses do not rely on executable files to infect the FAT.  Instead they copy themselves to a wide range of folders and wait to be launched by the user.  Many virus writers give their infections names such WINSTART.BAT or INSTALL.EXE to persuade a user into launching a file that contains the malicious code. 

An FAT virus will not modify host files.  It can, however, force the operating system to execute the viral code altering specific fields in the FAT file system, which can be just as damaging.   

Link viruses and other infections that attack the File Allocation Table of a computer are complex and often difficult to identify.  Most of the time, a user will have no knowledge of its presence as the virus gradually corrupts the computer. 

If you happen to experience performance issues that indicate an FAT virus, you can refer to the map of your hard drive to learn what files should actually be in the system.  If viruses are identified, you can simply place them in the recycle bin yourself.   

Log in or sign up to comment.

Post a comment

Log in or sign up to comment.
Identity theft comes in many forms.

A person\92s identity can be 'borrowed' for the purpose of creating fictional credit cards or a person\92s entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.