|
| |
 |
 |
|
Life Cycle of a Virus Copyright © Trend Micro
Computer viruses have a life cycle that starts when they're created and ends when they're
completely eradicated. The following outline describes each stage.
|
| |
Creation
Until a few years ago, creating a virus required knowledge of a computer programming
language. Today anyone with even a little programming knowledge can create a virus.
Usually, though, viruses are created by misguided individuals who wish to cause
widespread, random damage to computers.
|
| |
Replication
Viruses replicate by nature. A well-designed virus will replicate for a long time before
it activates, which allows it plenty of time to spread.
|
| |
Activation
Viruses that have damage routines will activate when certain conditions are met, for
example, on a certain date or when a particular action is taken by the user. Viruses
without damage routines don't activate, instead causing damage by stealing storage
space.
|
| |
Discovery
This phase doesn't always come after activation, but it usually does. When a virus is
detected and isolated, it is sent to the International Computer Security Association in
Washington, D.C., to be documented and distributed to antivirus developers. Discovery
normally takes place at least a year before the virus might have become a threat to the
computing community.
|
| |
Assimilation
At this point, antivirus developers modify their software so that it can detect the new
virus. This can take anywhere from one day to six months, depending on the developer and
the virus type.
|
| |
Eradication
If enough users install up-to-date virus protection software, any virus can be wiped out.
So far no viruses have disappeared completely, but some have long ceased to be a major
threat.
|
| |
Virus Types Copyright © Trend Micro
The majority of viruses fall into four main classes:
1) Boot sector
2) File infector
3) Multi-partite
4) Macro viruses
|
| |
Boot Sector Viruses
Until the mid-1990s, boot sector viruses were the most prevalent virus type, spreading
primarily in the 16-bit DOS world via floppy disk. Boot sector viruses infect the boot
sector on a floppy disk and spread to a user's hard disk, and can also infect the master
boot record (MBR) on a user's hard drive. Once the MBR or boot sector on the hard drive
is infected, the virus attempts to infect the boot sector of every floppy disk that is
inserted into the computer and accessed.
|
| |
|
Boot sector viruses work like this: by hiding on the first sector of a disk, the virus is
loaded into memory before the system files are loaded. This allows it to gain complete
control of DOS interrupts so that it can spread and cause damage.
|
| |
|
These viruses often replace the original contents of the MBR or DOS boot sector with their
own contents and move the sector to another area on the disk. Cleaning up a boot sector
virus can be performed by booting the machine from an uninfected floppy system disk rather
than from the hard drive, or by finding the original boot sector and replacing it in the
correct location on the disk.
|
|
|
 |
|
| Copyright © 1996-2011 Tom Bowser. All rights reserved. |
