Monday, August 25, 2008

Anatomy of A Computer Virus

The most common question asked by the less-informed net audience is: what exactly is a computer virus? I would say that a computer virus is, at bottom, a program like any other. So what is it that makes a virus stand apart from the rest?
The one outstanding feature of a virus is that it sets out with the aim of reproducing itself. People usually associate viruses with other actions, such as damaging a system by destroying data, but this is not essential for a program to be classed as a virus. For example, the Tiny series of viruses are coded with small size as their main criterion and don't waste code on damage routines. Other viruses use large amounts of code to hide themselves, and by not attracting attention try to ensure their longevity. The name was given to this kind of malicious code because of its inherent ability to reproduce itself. So even a piece of code that does nothing harmful to the system but keeps on making copies of itself can be branded a computer virus.
Note:
By code, I mean any software written in any programming language. It may be legitimate or otherwise. This word will be in frequent use in further articles as well.
The Tiny series is a category of computer viruses which gets its name from its small size (under 1 KB).
Now let us study the anatomy of a basic class of viruses. These properties are inherent in most viruses, though the degree to which each is developed differs from species to species. I would say that a virus basically has three parts:
Replicator - The replicator's job is to ensure the survival of the virus on a system. Most successful viruses do this not by inflicting damage on the system but by appending themselves to legitimate programs on the machine. Each time an infected program is run, the virus 'wakes up' and starts to reproduce. As said earlier, this is the most important part of the virus code.
Concealer - This part of the virus has the job of hiding the virus. It uses a number of methods to do this, but the point is simple: if you don't know a virus is there, then you won't try to kill it. Today's viruses use advanced techniques to avoid being caught by antivirus software.
Payload - The payload of a virus can be practically anything; in fact, if it can be programmed, then it can be the payload. If a virus is going to have a long life, then any damage it causes must either be very slight or not take place until a long period after infection. If an obvious payload is delivered soon after infection, the user will soon notice and go virus hunting, which does not help the long life or wide spread of a virus.
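The replicator described above survives by appending itself to legitimate programs while leaving them working, and the concealer and a delayed payload depend on nobody noticing that change. The defender's answer is a file-integrity baseline: record every program's size and hash once, then compare later. The script below is an added example written for this post, not code from the original article. It is a hypothetical, minimal integrity monitor; the directory layout, file contents and the "appended" blob in `demo()` are all constructed for illustration. Its one extra trick is to hash only the first `orig_size` bytes of a grown file: if that prefix still matches the baseline hash, the original program is intact and something was tacked on the end, which is exactly the footprint of an appending infector (a real one usually also patches the file header or entry point, in which case the file simply shows up as "modified").

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical integrity monitor (added example, not the post's own code).
# Baseline = {relative path: (size, sha256)} recorded while the system is
# known-good; a later scan reports how each file differs from that record.

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_baseline(root):
    """Record size and SHA-256 of every regular file below root."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            baseline[p.relative_to(root).as_posix()] = (len(data), sha256_of(data))
    return baseline

def check_integrity(root, baseline):
    """Compare the directory with a baseline; return {relative path: verdict}."""
    root = Path(root)
    verdicts = {}
    for rel, (orig_size, orig_hash) in baseline.items():
        p = root / rel
        if not p.is_file():
            verdicts[rel] = "missing"
            continue
        data = p.read_bytes()
        if sha256_of(data) == orig_hash:
            verdicts[rel] = "unchanged"
        elif len(data) > orig_size and sha256_of(data[:orig_size]) == orig_hash:
            # Original bytes untouched, extra bytes trailing: the footprint of
            # an appending infector (or of a benign append-only update, which
            # is why this is a lead for a human to check, not a final verdict).
            verdicts[rel] = "appended:%d bytes" % (len(data) - orig_size)
        else:
            verdicts[rel] = "modified"
    # Anything not in the baseline at all (a dropped copy, a new program).
    for p in root.rglob("*"):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            if rel not in baseline:
                verdicts[rel] = "new"
    return verdicts

def demo():
    """Constructed scenario in a temporary directory; returns the verdict map."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        # Constructed stand-ins for programs; not real executables.
        (root / "bin" / "editor").write_bytes(b"\x7fELF-placeholder editor program\n")
        (root / "bin" / "shell").write_bytes(b"\x7fELF-placeholder shell program\n")
        (root / "README").write_bytes(b"docs\n")
        baseline = build_baseline(root)

        # What a later scan might find (all constructed, no malware involved):
        # 1) trailing bytes appended to one program, original left intact
        with (root / "bin" / "editor").open("ab") as f:
            f.write(b"CONSTRUCTED_TRAILING_BLOB")
        # 2) another program rewritten wholesale (an update, or an overwriter)
        (root / "bin" / "shell").write_bytes(b"\x7fELF-new build of shell\n")
        # 3) a file that did not exist when the baseline was taken
        (root / "bin" / "extra").write_bytes(b"unknown\n")
        # 4) a file that has been removed
        (root / "README").unlink()
        return check_integrity(root, baseline)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:18} {path}")
```

Running it prints one verdict per file: `bin/editor` comes back as `appended:25 bytes`, `bin/shell` as `modified`, `bin/extra` as `new` and `README` as `missing`. In practice the baseline would be stored off the monitored machine (a concealer that can rewrite the baseline defeats the check), and an "appended" hit on a program that has not been legitimately updated is the cue to pull the file for analysis before the payload has a chance to fire.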
