Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How do viruses replicate?


  • Please log in to reply
4 replies to this topic

#1 petronor

petronor

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 29 October 2017 - 04:52 PM

Any textbook definition of a computer virus talks about how they can replicate?

 

But, unfortunately there is never any explanation as to what process is used to replicate and where do they replicate. i.e. do they just replicate in the file/folder/directory 

where the payload was release or do they replicate in any opportunistic location in the file system?

 

Hoping someone can answer this one or provide a web link to another source?


Edited by Chris Cosgrove, 29 October 2017 - 06:08 PM.
Moved to General security


BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 70,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:04 AM

Posted 29 October 2017 - 07:31 PM

PLease see...

https://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-your-system-gets-infected/
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:04 AM

Posted 30 October 2017 - 05:32 AM

A Virus is a man-made program (small bits of programming code disguised as something else or buried in other codes) that causes an unexpected and usually undesirable event. A virus can replicate itself and is designed to automatically spread to other computer users. Viruses can be transmitted through email attachments, downloads or removable media such as CDs, DVDs, or USB drives. Depending on the maliciousness and skill of the virus creator, the damage caused by a virus will vary. Some viruses will spread its viral code into other programs, corrupt, modify or even erase files. Some viruses wreak their effect as soon as their code is executed while other viruses lie dormant until circumstances cause their code to be executed by the computer. Viruses are usually classified by various criteria to include origin, techniques, types of files they infect, where they hide, kind of damage they cause, etc.

Typically there are three functional parts to a virus: Replication by file infectors or boot sector (record) infectors, Concealment and a Bomb:

  • Replication is where a virus reproduces or duplicates itself to insure it has a method of spreading. Replication occurs when the virus has been loaded into memory and has access to CPU cycles.  File infection relies on the virus’s ability to attach itself to a file that provides access to CPU cycles.  The most popular type of infection is a virus that infects or attaches itself to executable files with a .COM, .EXE, or .BAT file extension, which insures the virus is loaded into memory before the actual application when the file is executed. Companion virus works by insuring that its executable file is launched before the legitimate one is launched. When a file extension is not specified, DOS and Windows will first try to execute a file with a .COM extension, then an. EXE extension, and finally a .BAT extension. A file infector can also infect any program for which execution is requested, including .SYS, .OVL, .PRG, and .MNU files.  When the program is loaded, the virus is loaded as well.  Other file infector viruses arrive as wholly contained programs or scripts sent as an attachment to an e-mail note.

    There are two methods of replication after file infection:
    1. Resident virus – once loaded into memory, it waits for other programs to be executed and then infects them.
    2. Non-resident virus – selects one or more executable files and directly infects them without waiting for them to be processed in memory.

    Boot Sector Replication viruses infect the system area of the disk that is read when the disk is initially accessed or booted and rely on disk-to-disk contact to facilitate replication. Boot sector viruses attach to the DOS boot sector on diskettes or the Master Boot Record on hard disks where they find system instructions and move them to some other area of the disk.  The virus is then free to place its own code in the boot record. When the system initializes, the virus loads into memory and points to the new location for the system instructions. This allows the system to boot in a normal fashion except the virus is now resident in memory. A boot sector virus does not require execution of a program for the infected disk to facilitate replication....accessing the disk is sufficient. Multi-partite viruses use both file and boot sector replication technologies.

 

To fully understand what a virus does, you need to understand there are many other types of malware and that they differ from each other.

 


.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 petronor

petronor
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 03 November 2017 - 05:19 PM

BM - thanks for the link

 

Quietman - Thanks for that comprehensive description of how viruses replication and for the links. 

 

Much appreciated guys!



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:04 AM

Posted 03 November 2017 - 07:52 PM

You're welcome on behalf of the Bleeping Computer community.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users