|
Virii |
||
| Home | ||
| Newbie Help on Virii Virii, or in common parlance, viruses are Self-Replicating and Invading code. Self-Replicating means exactly that, the code (or program) actually makes copies of itself and distributes them. Invading means that these new pieces of code (or virii) try to spread into other systems, disks, networks, etc in a forcible manner. The most common way of accomplishing this is for the virus to hide in some manner. Some virii hide by disguising themselves as legitamate program files. These files then run the actual executable after they themselves run. These are known as companion-type infectors. Other virii, when run, copy themselves into the executable file's actual code and thus become part of the program itself. These are known as runtime infectors. Still another type is infector is the memory resident infector. These virii, when run, go resident into memory and then infect other files when they are run or opened. These are among the most advanced virii around. There are special types of memory resident virii that include stealth, boot sector, and kernel infectors. Polymorphism and Encryption are too additional methods by which a virus can escape detection. Encryption involves the viral code being either encrypted, or modified, by a set pattern or patters. When run the viral code decrypts itself. The advantage to this is that a virus scanner is less likely to detect the virus by the nature of its code or by its signature/fingerprint, or distinctive sections of code. Polymorphism is an advanced method by which a virus can encrypt itself using, for all practical purposes, an unlimited number of encryption patterns, which means that the virus is almost never the same twice. This is just a very broad and general overview, and is really a very schitty text when it comes to discussing what virii are. I apologise for this miserable attempt to explain these intricate and almost living (or truely living depending on who you ask) pieces of code. A good follow up to this crusty paper would be an honest to goodness virus FAQ, and I can tell you that there is one listed in our Other HCPVAW section from the table of contents. Enjoy. |
