4 phases for virus construction

1-install-to-memory code

The code is placed where it will be executed, so that it can install itself in RAM, by:

1-modification of EXE or COM files

2-modification or replacement of the boot sector

3-modification or replacement of the partition record

4-modification or replacement of device drivers

5-modification of OVL (overlay) files

2-copy-to-disk code

The virus code is saved to disk so that it is difficult to detect or remove. The following areas can be used:

1-boot sector 0

2-sectors marked in FAT

3-track 41

4-intersector gaps

5-partition record

6-EXE, COM, OVL or SYS files

7-hidden files

8-data files

3-test-for-condition code

The condition may be a special time or date, or it may be met after a specified number of copies of the virus have been made.

4-action code: final phase

This is the component that poses the real threat to the computer system.

Consider a virus that is designed to infect an assembly language program. It must execute a sequence of steps to effectively plant the virus code for execution:

1-locate the first executable instruction in the target program

2-replace that instruction with an instruction to jump (JMP) to the memory location next to the last instruction of the target program

3-insert the virus code for execution at the end of the target program

4-insert an instruction at the end of the virus program to simulate the original first instruction of the target program that the virus replaced in step 2

5-add another instruction at the end of the virus code to jump (JMP) back to the second instruction of the target program
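A defender's view of the five steps above, as an added example that is not part of the original notes: a Python heuristic that flags a DOS .COM image whose first instruction is a near JMP into the tail of the file and whose tail jumps back to just after the entry. The .COM format, the 2048-byte tail window, the 16-byte return window and the sample bytes are assumptions made for the illustration.

```python
import struct

COM_BASE = 0x100  # DOS loads a .COM image at offset 100h, so IP = file offset + 100h

def jump_target(image, pos):
    """File offset targeted by a JMP rel16 (opcode E9) at pos, or None."""
    if pos + 3 > len(image) or image[pos] != 0xE9:
        return None
    (rel,) = struct.unpack_from("<h", image, pos + 1)
    ip = (COM_BASE + pos + 3 + rel) & 0xFFFF   # IP wraps at 16 bits
    return ip - COM_BASE

def check_com_entry(image, tail_bytes=2048, return_window=16):
    """Return heuristic findings for the entry-patch pattern ([] = none)."""
    target = jump_target(image, 0)
    if target is None:
        return []                                # first instruction is not JMP rel16
    if not 0 <= target < len(image):
        return ["entry JMP leaves the file image"]
    tail_start = max(len(image) - tail_bytes, len(image) // 2)
    if target < tail_start:
        return []                                # jump stays out of the tail region
    findings = [f"entry JMP lands {len(image) - target} bytes before end of file"]
    # Steps 4-5: appended code ends by jumping back to just after the patched entry.
    for pos in range(target, len(image) - 2):
        back = jump_target(image, pos)
        if back is not None and 3 <= back <= return_window:
            findings.append(f"JMP at {pos:#x} returns to offset {back:#x}")
            break
    return findings

def constructed_sample():
    """Constructed 4096-byte image: NOP filler plus the two jumps, no real code."""
    img = bytearray(b"\x90" * 4096)
    img[0:3] = b"\xE9" + struct.pack("<h", 4000 - 3)        # entry JMP -> offset 4000
    img[4090:4093] = b"\xE9" + struct.pack("<h", 3 - 4093)  # JMP back -> offset 3
    return bytes(img)

if __name__ == "__main__":
    for line in check_com_entry(constructed_sample()):
        print(line)
```

A hit is a reason to inspect the file, not a verdict: legitimate programs can also begin with a jump, and the byte scan in the tail does no real disassembly.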

Write an assembly program to design a virus to format a floppy disk
