Anatomy of a virus


3 Nov 2003

The life cycle of a virus begins when it is created and ends when it is completely eradicated – although ‘eradication’ is a relative term.

The following outline describes each stage:

Creation
Until recently, creating a virus required knowledge of a computer programming language. Today anyone with basic programming knowledge can create a virus. Viruses are typically created by individuals who wish to cause widespread, random damage to computers.

Replication
Viruses typically replicate for a long period of time before they activate, allowing plenty of time to spread.

Activation
Viruses with damage routines will activate when certain conditions are met, for example, on a certain date or when the infected user performs a particular action. Viruses without damage routines do not activate, instead causing damage by stealing storage space.

Discovery
This phase does not always follow activation, but typically does. When a virus is detected and isolated, it is sent to the ICSA in Washington, DC, to be documented and distributed to anti-virus software developers. Discovery normally takes place at least one year before the virus might have become a threat to the computing community.

Assimilation
At this point, anti-virus software developers modify their software so that it can detect the new virus. This can take anywhere from one day to six months, depending on the developer and the virus type.

Eradication
If enough users install up-to-date virus protection software, any virus can be wiped out. So far no viruses have disappeared completely, but some have long ceased to be a major threat.

Top five virus threats in the ‘wild’:

1. WORM_LOVGATE.G
2. WORM_SWEN.A
3. WORM_NACHI.A
4. WORM_KLEZ.H
5. VBS_LOVELETTER.A
(data from Trend Micro)