Computer viruses are malicious programs designed to replicate and infect computer systems without the user’s knowledge or consent. To avoid detection and maximize their impact, viruses employ various strategies and techniques. In this article, we will explore some of the common strategies employed by computer viruses.
1. Overwriting Virus:
One of the most primitive techniques employed by viruses is overwriting files with their own copies. This approach replaces the content of files with the virus code, rendering the original files inaccessible. Overwriting viruses cannot be disinfected, and infected files must be deleted from the disk to remove the virus.
2. Companion Infection:
Companion infection involves giving the virus the same base name as the targeted program but using a different file extension. For example, a virus might use a .COM extension instead of the expected .EXE extension. When a user tries to launch the program without specifying the file extension, the virus takes precedence over the legitimate program. This technique exploits the way operating systems prioritize file types and can lead to unintended execution of the virus code.
3. Appending Virus:
Appending viruses insert a jump instruction (JMP) at the beginning of the host program to redirect execution to the end of the original host. The virus code is then appended to the end of the file. This technique is commonly seen in viruses like Vienna. It can be implemented in various executable file formats, such as EXE, NE, PE, and ELF, by modifying the file’s header section.
4. Prepending Virus:
Prepending viruses insert their code at the beginning of host programs. They overwrite the original program content, shifting it to follow the virus code. This simple and effective infection method has caused major virus outbreaks on different operating systems. For example, the Hungarian virus Polimer.512.A prepends itself to the front of an executable, pushing the original program content down.
5. Cavity or Spacefiller Virus:
Cavity viruses attempt to install themselves within empty spaces or gaps in the host program without damaging the actual program. By utilizing unused areas within the program’s code or data sections, these viruses can avoid increasing the program’s size significantly. The Lehigh virus is an early example of a cavity virus. Due to the complexity of writing this type of virus and the limited number of possible hosts, cavity viruses are relatively rare.
6. Compressing Virus:
Some viruses employ compression techniques to reduce their size and hide their presence within the host program. By compressing the virus code using binary packing algorithms, the virus can evade detection and minimize the increase in the host program’s size. This technique aims to make the infected program appear similar in size to the original, uninfected version.
7. Encrypted Virus:
Encrypted viruses consist of a constant decryptor followed by an encrypted virus body. The decryptor is a fixed routine used to decrypt and execute the virus code. This technique was first implemented by the Cascade virus on DOS. Oligomorphic viruses take encryption further by changing their decryptors in different generations or versions. To achieve this, the virus uses multiple decryptors, and a random one is chosen for execution each time.
8. Boot Sector Virus:
Boot sector viruses target the executable nature of the master boot record (MBR) or partition boot sector (PBS). When an infected computer boots up, the virus code stored in these areas is executed. Boot sector viruses can spread rapidly as they infect the boot sectors of storage devices, such as hard drives and floppy disks. The Michelangelo virus is a well-known example of a boot sector virus.
9. Macro Virus:
Macro viruses infect applications like Microsoft Word or similar software, leveraging the ability of these programs to execute macros. When the infected application is launched or triggered, the virus activates a sequence of predefined actions. Macro viruses often cause unexpected behavior, such as inserting humorous or unwanted text in documents. They are commonly spread through email attachments.
10. Malicious Mobile Code (MMC):
In conclusion, computer viruses employ a range of strategies to propagate and avoid detection. Understanding these strategies is crucial for developing effective defenses against malware and protecting computer systems from potential threats. Users should remain vigilant, keep their systems up to date, and use reputable antivirus software to mitigate the risks posed by computer viruses.