How Do Computer Viruses Work?
Here is the general way that viruses work:
1. An infected program is run. This is either a program file (in the case of a file-infecting virus) or a boot sector program at boot time. In the case of a Microsoft Word document the virus can be activated as soon as the document that contains it is opened for reading within Microsoft Word. If the "NORMAL.DOT" document template is infected (and this is the most common target of these viruses) then the virus may be activated as soon as Microsoft Word is started up.
2. The infected program has been modified so that instead of the proper code running, the virus code runs instead. This is usually done by the virus modifying the first few instructions to "jump" to where the virus code is stored. The virus code begins to execute.
3. The virus code becomes active and takes control of the PC. There are two ways that a virus will behave when it is run: direct-action viruses will immediately execute, often seeking other programs to infect and/or exhibiting whatever other possibly malicious behavior their author coded into them. Many file-infector viruses are direct-action. In contrast, memory-resident viruses don't do anything immediately; they load themselves into memory and wait for a triggering event that will cause them to "act". Many file infectors and all boot infectors do this (boot infectors have to become memory resident, because at the time they are executed the system is just starting up and there isn't that much "interesting" for them to do immediately).
4. What exactly the virus does depends on what the virus is written to do. Their primary goals however include replication and spreading, so viruses will generally search for new targets that they can infect. For example, a boot sector virus will attempt to install itself on hard disks or floppy disks that it finds in the system. File infectors may stay in memory and look for programs being run that they can target for infection.
5. "Malevolent" viruses that damage files or wreak havoc in other ways will often act on triggers. There are viruses that will only activate on particular days of the year (such as the infamous "Friday the 13th"), or act randomly, say, deleting a file every 8th time they are run. Some viruses do nothing other than trying to maximize their own infection to as many files and systems as possible.
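The entry-point redirection described in step 2 leaves traces that an integrity checker can detect. The following added example (not part of the original page) baselines a known-good program and flags modified entry bytes, file growth, and a leading jump that lands in the appended region. It assumes a flat 16-bit x86 image whose execution starts at file offset 0; the function names and all sample bytes are constructed for illustration.

```python
import hashlib
import struct

HEAD_LEN = 16  # number of bytes at the program entry that we fingerprint


def make_baseline(image: bytes) -> dict:
    """Record size and hashes of a known-good program image."""
    return {
        "size": len(image),
        "head": hashlib.sha256(image[:HEAD_LEN]).hexdigest(),
        "full": hashlib.sha256(image).hexdigest(),
    }


def jump_target(image: bytes):
    """File offset reached if the image opens with an x86 near JMP
    (opcode E9 + signed 16-bit displacement), otherwise None."""
    if len(image) >= 3 and image[0] == 0xE9:
        (rel,) = struct.unpack_from("<h", image, 1)
        return (3 + rel) & 0xFFFF  # displacement is relative to the next instruction
    return None


def check(image: bytes, baseline: dict) -> list:
    """Compare an image with its baseline and return a list of findings."""
    findings = []
    if hashlib.sha256(image).hexdigest() == baseline["full"]:
        return findings  # byte-for-byte identical to the known-good copy
    findings.append("content-changed")
    if hashlib.sha256(image[:HEAD_LEN]).hexdigest() != baseline["head"]:
        findings.append("entry-bytes-modified")
    if len(image) > baseline["size"]:
        findings.append("file-grew")
    target = jump_target(image)
    # A leading jump that lands past the original end of file is the
    # "first few instructions now jump elsewhere" pattern from step 2.
    if target is not None and baseline["size"] <= target < len(image):
        findings.append("entry-jumps-into-appended-region")
    return findings


# Constructed samples: inert filler bytes, not a real program or virus.
CLEAN = bytes([0xB4, 0x09, 0xBA, 0x10, 0x01]) + b"\x90" * 59  # 64 bytes
APPENDED = b"\xCC" * 32  # stands in for foreign code added at the end
MODIFIED = b"\xE9" + struct.pack("<h", len(CLEAN) - 3) + CLEAN[3:] + APPENDED
PATCHED = CLEAN[:40] + b"\x00" + CLEAN[41:]  # same size, change away from the entry
```

The combination of the three specific findings is a much stronger signal than a hash mismatch alone, which also fires on any legitimate update.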