Virus


A virus is a software program that infects a computer by inserting itself into programs that already reside on the machine.

  • is malicious code inserted into an executable file image
    • when the “host” program is executed, the virus is also executed
  • designed to replicate and spread from computer to computer
    • by “infecting” executable applications or program code

Types

  • generally classified by the types of file or media they infect:
    • Non-resident/file infector
      • is contained within a host executable file and runs with the host process
      • will try to infect other process images on persistent storage and perform other payload actions
        • then passes control back to the host program
    • Memory resident
      • when the host file is executed, the virus creates a new process for itself in memory
      • malicious process remains in memory
        • even if the host process is terminated
    • Boot
      • virus code is written to the disk boot sector or the partition table of a fixed disk or USB media
      • executes as a memory-resident process when the OS starts or the media is attached to the computer
    • Script and macro viruses
      • use the programming features available in local scripting engines for the OS and/or browser
        • e.g.,
          • PowerShell
          • Windows Management Instrumentation (WMI)
          • JavaScript
          • Microsoft Office documents with Visual Basic for Applications (VBA) code enabled
          • or PDF documents with JavaScript enabled

Descriptors

  • Multipartite is used for viruses that use multiple vectors
  • Polymorphic is used for viruses that can dynamically change or obfuscate their code to evade detection
  • both must infect a host file or media