Wednesday, January 23, 2008

Structure of Viruses

Here is a simple structure of a virus. In the infected binary, at a known byte location in the file, a virus inserts a signature byte used to determine if a potential carrier program has been previously infected.

    V() {
        infectExecutable();
        if (triggered()) {
            doDamage();
        }
        jump to main of infected program;
    }

    void infectExecutable() {
        // "uninfected" means the signature byte is absent at the known location
        file = choose an uninfected executable file;
        prepend V to file;
    }

    void doDamage() { ... }

    int triggered() { return (some test ? 1 : 0); }

The above virus makes the infected file longer than it was, making it easy to spot. There are many techniques to leave the file length
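
Both artifacts described above, the growth in file length and the signature byte at a known location, are things a defender can check for. The following is an added example, not code from the original post: it compares a file against a recorded baseline and reports a size change, an intact original sitting behind prepended bytes, and the marker byte. The marker offset and value, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib

# Assumed values: the page gives no concrete offset or byte.
MARKER_OFFSET = 3      # hypothetical "known byte location"
MARKER_BYTE = 0xA5     # hypothetical signature byte


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_baseline(data: bytes) -> dict:
    """Record size and hash of a known-good executable."""
    return {"size": len(data), "sha256": sha256(data)}


def check(data: bytes, baseline: dict) -> list:
    """Return findings for one file compared against its baseline."""
    findings = []
    size = baseline["size"]
    if len(data) != size:
        findings.append(f"size changed: {size} -> {len(data)} bytes")
    elif sha256(data) != baseline["sha256"]:
        # A size comparison alone would miss this case; the hash does not.
        findings.append("content changed, size unchanged")
    # Prepending leaves the original program intact as the file's tail.
    tail = data[len(data) - size:]
    if len(data) > size and sha256(tail) == baseline["sha256"]:
        findings.append(f"original intact after {len(data) - size} prepended bytes")
    # The infection marker doubles as a scanner signature. A single byte
    # will also match clean files by chance, so treat it as a hint only.
    if len(data) > MARKER_OFFSET and data[MARKER_OFFSET] == MARKER_BYTE:
        findings.append(f"marker 0x{MARKER_BYTE:02X} at offset {MARKER_OFFSET}")
    return findings


# Constructed inert byte strings standing in for executables.
CLEAN = b"ORIGINAL-PROGRAM-BYTES" * 4
MODIFIED = b"\x00\x00\x00\xa5" + b"P" * 60 + CLEAN   # inert padding + original

if __name__ == "__main__":
    base = make_baseline(CLEAN)
    for name, blob in (("clean", CLEAN), ("modified", MODIFIED)):
        print(name, check(blob, base) or "ok")
```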
