Some Common Techniques used by Viruses

Virus writers have always tried to fool both the existing virus scanners and the users, and have devised certain techniques for this purpose. Here is an attempt to explain these techniques in a simplified form.

Self Encryption: To hide its code and its destructive property, a virus remains in the file in encrypted format and decrypts itself at the time of execution. This makes studying the virus a tricky affair. The virus now consists of 2 parts: one is the decryption routine and the other is the original encrypted code of the virus. If the virus is not studied properly, an accidental removal may result in serious loss of data, so be careful.

Polymorphic Nature: Most scanners used to identify a virus by its signature. To evade this style of scanning, the next generation of viruses keep changing their own code. This poly (many) morphic (forms) nature makes virus identification a difficult task. At times the form changes to such an extent that, if the virus is not studied properly, some of its variants evade the virus scanner. Almost all the new viruses are polymorphic in nature.

Stealth Methodology: One common method of detecting a virus was to look at the file sizes or to read the Boot/Partition areas. Since the file size increases when a virus attaches itself to a file, the user can suspect a virus in the file and take corrective steps. Recent viruses smartly take control of the machine. When the virus is active, it hides the actual information and furnishes the ideal information. For example, if NATAS is attached to, say, COMMAND.COM, it will get activated every time you boot th

Anti Debug Code: To make life even more difficult for the anti-virus people, the viruses change themselves the moment somebody tries to study them through debugging tools. At times, programmers are fooled into taking this fabricated code for the actual virus code.

By using combinations of the above techniques, viruses can spread effectively and let loose their destructive activities.
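The file-size check described under Stealth Methodology, as an added example that is not part of the original page: a Python baseline checker that goes beyond size and also compares a SHA-256 hash, so a change that leaves the size untouched is still reported. The file names and contents are constructed, and it assumes the comparison runs while no virus is active, since an active stealth virus furnishes the ideal information.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Record (size, SHA-256) for each file; this is the trusted baseline."""
    base = {}
    for p in paths:
        with open(p, "rb") as fh:
            data = fh.read()
        base[p] = (len(data), hashlib.sha256(data).hexdigest())
    return base

def compare(baseline):
    """Return {path: finding} for every file that differs from the baseline."""
    findings = {}
    for p, (old_size, old_hash) in baseline.items():
        if not os.path.exists(p):
            findings[p] = "missing"
            continue
        with open(p, "rb") as fh:
            data = fh.read()
        if len(data) != old_size:
            # The classic symptom: code attached to the file makes it grow.
            findings[p] = "size changed (%+d bytes)" % (len(data) - old_size)
        elif hashlib.sha256(data).hexdigest() != old_hash:
            # A size-only check would miss this case.
            findings[p] = "same size, content changed"
    return findings

def demo():
    """Constructed sample files standing in for programs on disk."""
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, n) for n in ("grown.bin", "patched.bin", "clean.bin")]
    for p in paths:
        with open(p, "wb") as fh:
            fh.write(b"\x90" * 64)
    base = snapshot(paths)
    with open(paths[0], "ab") as fh:   # bytes appended: size grows
        fh.write(b"\x00" * 16)
    with open(paths[1], "r+b") as fh:  # overwritten in place: size unchanged
        fh.seek(10)
        fh.write(b"\xcc\xcc")
    return {os.path.basename(k): v for k, v in compare(base).items()}

if __name__ == "__main__":
    for name, finding in sorted(demo().items()):
        print(name, "->", finding)
```

Store the baseline somewhere the monitored machine cannot write to, otherwise it can be altered along with the files it describes.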