Virus Behavior
In general, a virus
has two phases, “infection phase” and “attack phase”. The first
phase
is the infection
phase, where the virus reproduces widely and the second is the attack
phase, where they do
whatever damage they are programmed to do. Its presence can be
felt only when they
activate themselves.
Infection phase
Virus
writers have to balance how and when their virus should infect against the
possibility of being detected. Therefore the spread of infection may not be
immediate.
This
is the phase where the virus commences the acquisition of the system by first
infecting the identified target, second taking charge of the target and lastly
by installing its own command. These steps are coded in detail in the
instruction code given to it by the author.
No
one knows when exactly a virus will infect other programs or in simple words
when it will activate itself. Some programs get executed each time they are
executed, and some viruses will infect upon a Trigger. You can never be sure
that your system is not infected by a virus after running an AV program a few
times. This is because the virus would not have started its infection phase.
The virus writer will want his program to spread as far as possible so that in
the second phase, "The attack phase", the victim’s computer will have
a positive impact to the virus. Many viruses go resident on the
memory. This provides an upper hand for the virus, as it can wait for an
external event before it starts the infection and also the trigger used by the
virus becomes hard to guess.
The
resident virus frequently takes over portion of the system software to hide
their presence. This technique is called stealth.
Attack phase
Not all viruses attack, but all use system
resources and often have bugs. Most of the viruses do unpleasant things like
deleting files or changing random data on your disk, slowing down your PC,
stealing passwords from the system and mailing it to a remote email, etc.
Viruses often delay revealing their presence by launching their attack only
after they have had ample opportunity to spread. This means that the attack
phase can start even after months of infection. This attack phase is optional.
Many viruses simply reproduce themselves and have no trigger for an attack
phase.
0 comments:
Post a Comment