Four stages of viruses
Dormant Phase, Propagation Phase, Triggering Phase, Execution Phase
Virus structure
Physically: virus code -> Original Program
Logically: Virus code part (a) -> Original Program
First line: go to “main” of virus program
Second line: a special flag(infected or not)
Main: Find uninfected programs and infect them
Do something damaging to the system
“go to” first line of the host program
Avoid detection that looks at the size of the program:
compress/decompress the host program
Types of Virus
– Parasitic virus: scan/infect programs
– Memory-resident virus: infect running programs
– Macro virus: embedded in documents, run/spread
– Boot sector virus: run/spread whenever the system is booted
– Polymorphic virus: encrypt part of the virus program with a randomly generated key
Boot Sector Virus
Bootstrap Loader, System Initialization
Virus code -> System Initialization -> Bootstrap Loader