Computer Virus-A Cat and Mouse Game
In short, no single answer is likely to cover the broad demographic (statistical knowledge of birth and
death) of virus writers.
However, a 1972 science fiction novel by David Gerrold, When H.A.R.L.I.E. Was One, includes a
description of a fictional computer program called "VIRUS" that worked just like a virus (and was
countered by a program called "VACCINE").
Self-modifying code is quite straightforward to write when using assembly language, some high level
language interpreters, the Lisp programming language, or the legendary ALTER verb in COBOL. It is
more difficult to implement on compilers. Batch programming scripts often involve self-modifying
code as well.
First virus name // Elk Cloner // 1982 by Richard Skrenta // introduced with a computer game //
created by high school students // it reads the poem: It will get on all your disks. It will infiltrate your
chips. Yes it's Cloner! It will stick to you like glue. It will modify RAM too. Send in the Cloner!
The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and
Amjad Farooq Alvi, operating out of Lahore, Pakistan.
Because it affects the boot sector, it is also run whenever the system boots.
Macro viruses are written in scripting languages for MS Office programs; they are also self-replicating;
they may also mutate; they are a big threat to detection because they change in configuration when they
replicate.
Recent ones are cross-site scripting viruses.
Why use viruses?
They are deliberately created by programmers, or by people who use virus creation software. Computer
viruses can only do what the programmers have programmed them to do.
They can also be used for good purposes, but when written weakly can cause great harm.
How do they replicate?
They attach themselves to a host program, an exe file, and they get invoked first when the
program is executed, because they need memory space to execute and must be loaded into
memory.
TYPES
Non-resident: they immediately search for other hosts they can infect,
then infect all those targets, then return control to the program they attached to.
They consist of a finder module and a replication module. The finder module is responsible for finding new
files to infect. For each new executable file the finder module encounters, it calls the replication module to
infect that file.
Resident: at the beginning they do not search for any other hosts. They get loaded into memory and
then stay awake in the background and infect whichever other program accesses it.
Stealth virus: they bypass the antivirus software and get control of the operating system directly.
A stealth virus will not allow the anti-virus software to read it and passes a clean copy of the same file to the anti-virus,
so it will never be detected. Solution: we must boot from a sector that is known to be clean.
Self-modifying code: each infected file contains a different variant of the virus.
Encryption virus: has 2 parts, the encryption part and the decryption part. Each time, the encryption is
done using different keys, and symmetric only. The decryption pattern remains the same, thus the antivirus
software can target this.
Polymorphic virus: a polymorphic virus infects files with an encrypted copy of itself, which is decoded
by a decryption module. In the case of polymorphic viruses however, this decryption module is also
modified on each infection. Polymorphic engine. Also, slowly infecting viruses are called slow polymorphic
viruses.
Metamorphic: To avoid being detected by emulation, some viruses rewrite themselves completely each
time they are to infect new executables. Metamorphic engine.
Methods to avoid detection
Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date
of a host file stays the same when the file is infected by the virus.
Some viruses can infect files without increasing their sizes or damaging the files. They
accomplish this by overwriting unused areas of executable files. These are called cavity
viruses. For example the CIH virus, or Chernobyl Virus, infects Portable Executable files.
Because those files had many empty gaps, the virus, which was 1 KB in length, did not add to
the size of the file.
Many anti-virus programs perform an integrity check of their own code. Infecting such
programs will therefore increase the likelihood that the virus is detected. For this reason, some
viruses are programmed not to infect programs that are known to be part of anti-virus software.
Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-
virus professionals themselves, to be infected by a virus. Called BAITING.
They are created to detect how the virus infects the system (its chemistry).
They are used to create suitable antivirus software to safeguard the system.
They are used to detect the presence of the virus and notify the user of it.
Viruses typically avoid bait files by avoiding suspicious programs, such as small program files or programs
that contain certain patterns of "garbage instructions".
To avoid baiting: sparse infection.
They affect files that are less likely to be infected in other circumstances.
They attack non host files or attack host file only on a specific day of a week.
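The two evasion notes above (unchanged "last modified" date, unchanged file size) are why a defender's baseline has to include a content hash. The following is an added example, not part of the original notes; the file name, layout and byte strings are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record the attributes a baseline would store for one file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def changed_attributes(baseline, current):
    """Return the names of attributes that no longer match the baseline."""
    return [k for k in ("size", "mtime_ns", "sha256") if baseline[k] != current[k]]

def demo():
    # Constructed sample: header, a run of zero padding (the "unused area"), trailer.
    original = b"HEADER" + b"\x00" * 64 + b"TRAILER"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(original)
        baseline = snapshot(path)
        atime_ns = os.stat(path).st_atime_ns
        # Simulate what the notes describe: bytes overwritten inside the padding,
        # so the size is unchanged, and the old timestamp put back afterwards.
        with open(path, "r+b") as f:
            f.seek(10)
            f.write(b"MODIFIED")
        os.utime(path, ns=(atime_ns, baseline["mtime_ns"]))
        return changed_attributes(baseline, snapshot(path))

if __name__ == "__main__":
    # Size and mtime checks see nothing; only the hash differs.
    print(demo())
```

A size-and-date comparison alone reports this file as untouched, which is the gap the hash closes.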
METHOD TO DETECT: Antivirus
Signature method
By heuristic approach, that is, by using some common behavior testing
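The signature method, applied to the encryption and polymorphic cases described earlier, as an added example that is not part of the original notes. All byte strings are constructed, inert placeholders, and the single-byte XOR stands in for "symmetric encryption with a different key each time".

```python
# Constructed, inert byte strings standing in for the two parts named in the notes.
STUB = b"[constant-decryption-part]"   # placeholder for the unchanging decryption part
BODY = b"[inert-body-for-the-demo]"    # placeholder for the part encrypted per copy

def xor(data: bytes, key: int) -> bytes:
    """Toy symmetric transform: the same call encrypts and decrypts."""
    return bytes(b ^ key for b in data)

def build_sample(key: int, stub: bytes = STUB) -> bytes:
    """Host bytes + decryption part + key byte + body encrypted with that key."""
    return b"HOST-FILE-CONTENT" + stub + bytes([key]) + xor(BODY, key)

# A scanner's signature database: name -> byte pattern to look for.
SIGNATURES = {"plain-body": BODY, "decryption-stub": STUB}

def scan(buf: bytes) -> list:
    """Signature method: report every known pattern present in the buffer."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in buf)

def demo():
    # Encryption case: the body differs per key, the decryption part does not.
    encrypted = [scan(build_sample(k)) for k in (0x21, 0x5A, 0xC3)]
    # Polymorphic case: the decryption part is also different in this copy.
    changed_stub = scan(build_sample(0x21, stub=xor(STUB, 0x07)))
    clean = scan(b"HOST-FILE-CONTENT")
    return encrypted, changed_stub, clean

if __name__ == "__main__":
    encrypted, changed_stub, clean = demo()
    print("encrypted copies:", encrypted)
    print("changed decryption part:", changed_stub)
    print("clean file:", clean)
```

The body signature never matches an encrypted copy, the stub signature matches every one, and neither matches once the decryption part itself changes, which is where the heuristic (behavior-based) approach takes over.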