The Anatomy of a Computer Virus
The question most commonly asked by the not-so-informed net audience is what a
computer virus actually is. I may say that a computer virus is a type of legitimate
program. So what is it that makes a virus stand apart from the rest?
The one outstanding feature of a virus is that it sets out with the aim of
reproducing itself. People usually associate viruses with other actions, such
as damaging a system by, for instance, destroying data, but this is not essential
for a program to be classed as a virus. For example, the Tiny series of viruses
is coded with small size as its main criterion and doesn't waste code on
damage routines. Other viruses use large amounts of code to hide themselves
and thus, by not attracting attention to themselves, try to ensure their longevity.
The name was given to this piece of malicious code due to its inherent ability
to reproduce itself. So even if you have a piece of code that does nothing
harmful to the system but keeps on making copies of itself, it can be
branded as a computer virus.
Note:
1. By code, I mean any software written in any programming language. It may
be legitimate or otherwise. This word will be used frequently in further articles
as well.
2. The Tiny series is a category of computer viruses which gets its name from
its small size (<1kb).
Now let us study the anatomy of a basic class of viruses. These properties
are inherent in most viruses, though the level of adaptation may differ from
species to species. I can say that a virus basically has three parts:
1. Replicator - The replicator's job is to ensure
the survival of the virus on a system. Most successful viruses do this by
not inflicting damage on the system but by appending themselves to legitimate
programs in the machine. Each time the program is run, the virus will
'wake up' and start to reproduce. As said earlier, this is the most important
part of the virus code.
2. Concealer - This part of the virus has the
job of hiding the virus. It uses a number of methods to do this, but the point
is that if you don't know a virus is there then you won't try to kill it. Today's
viruses use advanced techniques to avoid being caught by antivirus software.
3. Payload - The payload of a virus can be practically
anything; in fact, if it can be programmed then it can be the payload. If a
virus is going to have a long life then any damage it causes must either be
very slight or not take place for a long period after infection. If an obvious
payload gets delivered soon after infection then the user is soon going to
notice and will go virus hunting. This does not help the long life or wide
spread of a virus.
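The replicator described above attaches itself to existing programs, which necessarily changes those files. As an added example (not code from the original article), the check below records each program's size and SHA-256 while it is known to be clean and later classifies any change; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def fingerprint(path, limit=None):
    """Return (file size, SHA-256 hex); hash only the first `limit` bytes if given."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        left = os.path.getsize(path) if limit is None else limit
        while left > 0:
            chunk = fh.read(min(65536, left))
            if not chunk:
                break
            digest.update(chunk)
            left -= len(chunk)
    return os.path.getsize(path), digest.hexdigest()


def classify(path, old_size, old_hash):
    """Compare one file against the size and hash recorded while it was clean."""
    if not os.path.exists(path):
        return "missing"
    size, digest = fingerprint(path)
    if digest == old_hash:
        return "unchanged"
    if size > old_size:
        # Re-hash only the original length to see whether the old bytes survive.
        intact = fingerprint(path, old_size)[1] == old_hash
        return "appended" if intact else "grown-and-altered"
    return "modified"


def demo():
    """Constructed sample: four stand-in 'program' files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in ("a.bin", "b.bin", "c.bin", "d.bin")}
        for p in paths.values():
            with open(p, "wb") as fh:
                fh.write(b"PROGRAM!" * 128)
        baseline = {p: fingerprint(p) for p in paths.values()}  # taken while clean
        with open(paths["b.bin"], "ab") as fh:      # bytes added at the end only
            fh.write(b"EXTRA" * 40)
        with open(paths["c.bin"], "r+b") as fh:     # start rewritten and file grown
            fh.write(b"XYZ")
            fh.seek(0, os.SEEK_END)
            fh.write(b"EXTRA" * 40)
        os.remove(paths["d.bin"])
        return {n: classify(p, *baseline[p]) for n, p in paths.items()}
```

A legitimate update also changes a program's size and hash, so a flagged file is a prompt to investigate rather than a verdict.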
Virus Gallery