how does a virus self-replicate?

Discussion in 'malware problems & news' started by couldbeanybody, Jul 11, 2004.

Thread Status:
Not open for further replies.
  1. Hi all,

    Let's look at it at a programming point of view.

    What are the common pattern of a self-replicate program?
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    start
    promote to highly priviliged mode
    and infect what you want to get infected


    Yep, line 2 looks the hard part, but it's the line 1 puzzle that will probably take a while to solve.
     
  3. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    in programming code, copying a file is a trival excercise, even the file the code is running from. Almost every programming language has a file system api to make this easy. The files being copied must be readable, and the dir to write to must be writable by the running code. If ther user likes to log into his machine as administrator, then he/she let any malware run with admin priviledges, and pretty much any file/dir can be accessed.

    viruses/worms etc often copy themselves using different names and to obscure directories. Usually they like to run the mal intent from one file, but use another to run on startup so if you delete the offending file, the one that runs on startup can put it back. It makes it a bit harder to get rid of.

    The next order of business is to send copies to as many other computers as you can (for a work anyway). This is done by email, char apps, network vunerabilities etc.
     
Loading...
Thread Status:
Not open for further replies.