From InfoAnarchy

See also: Security | Bad Things | Malicious code | Bad Guy | hpvac | worm


A computer virus is less original than its biological ancestor. It is simply a piece of code that has the ability to reproduce itself. Computer hardware should be virus-free for optimal network performance. Viruses are harmful and should be detected and eliminated.

The father of computer viruses is Fred Cohen. The concept came into fashion in the late eighties / early nineties. Today there are thousands of viruses in the wild, and a modern Cybercitizen has to take countermeasures. The first type of viruses were so-called overwriting viruses. They simply wrote over parts of the infected program's code (usually the beginning) like this:

| Code of host program | --> |virus| host program |

So you can see that the program size did not change. Those viruses were detected easily because the original program either does not start at all or behaves strangely. So the next step was to add the virus to the end of the program (or at the beginning). Those are called non-overwriting viruses:

| Code of host program | --> |jump|ID| Code of host program |virus |

The jump instruction at the beginning jumps to the end of the executable and runs the virus; after the virus code has executed, the program is started. As you can see, the size of the original program increases. The ID is used to determine whether this file is already infected by the virus so it won't get infected again (not all viruses use this feature).
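The two layouts above leave different traces that an integrity check against a known-good baseline can tell apart. The following is an added example, not part of the original article; the sample byte strings are constructed placeholders and `MAX_SHIFT` is an assumed search limit.

```python
import hashlib

MAX_SHIFT = 64  # assumption: how far a prepended stub may push the original code

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def baseline(data: bytes) -> dict:
    """Record size and hash of a known-good executable."""
    return {"size": len(data), "sha256": sha256(data)}

def classify(base: dict, data: bytes) -> str:
    """Compare a file's current bytes with its known-good baseline."""
    if sha256(data) == base["sha256"]:
        return "unchanged"
    if len(data) == base["size"]:
        # Same size, different content: the overwriting layout.
        return "overwritten"
    if len(data) > base["size"]:
        # Larger file: the non-overwriting layout keeps the host code intact,
        # so look for a window that still hashes to the baseline value.
        extra = len(data) - base["size"]
        for shift in range(min(MAX_SHIFT, extra) + 1):
            if sha256(data[shift:shift + base["size"]]) == base["sha256"]:
                return f"grown, original intact at offset {shift}"
        return "grown, original not found"
    return "truncated"

# Constructed sample data: harmless placeholder bytes, not real executables.
HOST = bytes(range(256)) * 4                       # stand-in for the host program
OVERWRITTEN = b"\x00" * 32 + HOST[32:]             # first 32 bytes replaced, size unchanged
APPENDED = b"JUMP" + b"ID" + HOST + b"\xaa" * 100  # |jump|ID| host | extra bytes |

if __name__ == "__main__":
    base = baseline(HOST)
    for name, blob in [("clean", HOST), ("overwritten", OVERWRITTEN),
                       ("appended", APPENDED)]:
        print(f"{name:12} size={len(blob):5} -> {classify(base, blob)}")
```

A result of "grown, original intact" also tells the responder that the host code can be carved back out of the file at the reported offset and verified against the baseline hash.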

What does a virus do?

Well, everything its author wants it to. Most viruses contain so-called logic bombs that will destroy data or, even worse, try to manipulate or distribute data on the infected host.

I hope it has become obvious that a virus has to be written for a specific architecture. There are some viruses written in scripting languages floating around that might spread on different architectures, but those are rare. An exception to this rule is macro viruses, which depend only on an interpreter that executes them.

There have been hybrid viruses around lately that will infect DOS executables as well as ELF binaries (a binary format commonly used on Linux / Unix systems).

Viruses are a certain threat to the information society, as they spread fast and it takes time to detect them. Some viruses use strong cryptography or other efficient encryption schemes and stealth techniques to disguise their existence.

  • - Learn about computer virus myths, hoaxes, urban legends, hysteria, and the implications if you believe in them. You can also search a list of computer virus hoaxes & virus hysteria from A to Z. -- This site is NOT sponsored by antivirus companies.

Major Viral Attacks on the Internet

As virus writers develop their skills, each successful spread of infection brings the potential for further attacks.

  • SoBig (August 2003) (.pif or .scr files)
