CEH

(Jeff_L) #1

Malware 185



  1. Design. The author envisions and creates the virus. The author may choose to create
    the virus completely from scratch or use one of the many construction kits that are
    available to create the virus of their choice.

  2. Replication. Once deployed, the new virus spreads through replication: multiplying
    and then ultimately spreading to different systems. How this process takes place
    depends on the author's original intent; but the process can be very rapid, with new
    systems becoming affected in short order.

  3. Launch. The virus starts to do its dirty work by carrying out the task for which it was
    created (such as destroying data or changing a system's settings). Once the virus activates
    through a user action or other predetermined action, the infection begins.

  4. Detection. The virus is recognized as such after infecting systems for some period of
    time. During this phase, the nature of the infection is typically reported to antivirus
    makers, who begin their initial research into how the software works and how to eradicate it.

  5. Incorporation. The antivirus makers determine a way to identify the virus and incorporate
    the process into their products through updates.

  6. Elimination. Users of the antivirus products incorporate the updates into their systems
    and eliminate the virus.


It is important to realize that this process is not linear: it is a loop or cycle. When step 6
is reached, the whole process starts over at step 1 with another round of virus development.
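The detection, incorporation and elimination steps of this cycle, modelled as an added Python example (this is not code from the CEH text). The "files" are constructed inline byte strings, the `Signature` and `SignatureDatabase` names are hypothetical, and the marker bytes are arbitrary. It runs the loop twice: a whole-file hash signature catches only the exact sample, so a second update ships a byte-pattern signature that also catches a slightly modified variant.

```python
"""Toy signature scanner illustrating steps 4-6 of the virus life cycle.
Added example, not from the CEH text. All samples are constructed byte
strings standing in for files; no real malware is involved."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

# Constructed sample "files" (hypothetical names and contents).
SAMPLES = {
    "report.doc":  b"quarterly figures, nothing unusual here",
    "tool.exe":    b"MZ...header...SHARED-ROUTINE-BYTES...end",
    "tool_v2.exe": b"MZ...header2..SHARED-ROUTINE-BYTES...end",  # variant: header differs
}


@dataclass(frozen=True)
class Signature:
    name: str
    kind: str           # "hash" (whole-file SHA-256 hex) or "pattern" (byte sequence)
    value: str | bytes


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def matches(sig: Signature, blob: bytes) -> bool:
    if sig.kind == "hash":
        return sha256_hex(blob) == sig.value
    return sig.value in blob


@dataclass
class SignatureDatabase:
    version: int = 0
    signatures: list[Signature] = field(default_factory=list)

    def incorporate(self, sig: Signature) -> None:
        """Step 5 (incorporation): ship a new detection as a database update."""
        if sig not in self.signatures:
            self.signatures.append(sig)
            self.version += 1


def scan(db: SignatureDatabase, files: dict[str, bytes]) -> dict[str, list[str]]:
    """Step 4 (detection): map each file name to the signature names that hit."""
    return {name: [s.name for s in db.signatures if matches(s, blob)]
            for name, blob in files.items()}


def eliminate(db: SignatureDatabase, files: dict[str, bytes]):
    """Step 6 (elimination): quarantine every file with at least one hit.
    Returns (files still available, sorted list of quarantined names)."""
    hits = scan(db, files)
    quarantined = {n for n, h in hits.items() if h}
    return {n: b for n, b in files.items() if n not in quarantined}, sorted(quarantined)


def run_cycle() -> dict:
    """Run detection -> incorporation -> elimination twice and report the outcome."""
    db = SignatureDatabase()
    before = scan(db, SAMPLES)  # empty database: nothing is detected yet

    # Round 1: researchers hash the reported sample and ship a hash signature.
    db.incorporate(Signature("Sample.A", "hash", sha256_hex(SAMPLES["tool.exe"])))
    _, quarantined_1 = eliminate(db, SAMPLES)  # exact copy only

    # Round 2: the variant evades the hash, so a byte pattern common to both is shipped.
    db.incorporate(Signature("Sample.A.gen", "pattern", b"SHARED-ROUTINE-BYTES"))
    remaining_2, quarantined_2 = eliminate(db, SAMPLES)

    return {
        "db_version": db.version,
        "undetected_before_update": [n for n, h in before.items() if not h],
        "quarantined_after_hash_sig": quarantined_1,
        "quarantined_after_pattern_sig": quarantined_2,
        "clean_files": sorted(remaining_2),
    }


if __name__ == "__main__":
    for key, val in run_cycle().items():
        print(f"{key}: {val}")
```

The point of the two rounds is the loop the text describes: each update closes the gap for the samples researchers have seen, and the next variant (here, one changed header byte) reopens it until a more general signature is incorporated.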


Why do people create viruses? There are a number of reasons, such as
curiosity, hacktivism, showing off, and many others that may or may not
make sense to an outsider. As a pen tester, you may find that creating
a virus is something you need to do in order to properly test defensive
systems.

All viruses are not created equal. Each may be created, deployed, and activated in
different ways, with drastically different goals in mind. For example:


■ In the mid-1970s, a new feature was introduced in the Wabbit virus. This virus
represented a change in tactics and demonstrated one of the features associated with
modern-day viruses: replication. The virus replicated on the same computer over and
over again until the system was overrun and eventually crashed.

■ In 1982, the first virus seen outside academia debuted in the form of the Elk Cloner
virus. This piece of malware debuted another feature of later viruses—the ability to
spread rapidly and remain in the computer's memory to cause further infection. Once
resident in memory, it infected floppy disks placed into the system, as many later
viruses would do. Nowadays, this virus would be spread across USB devices such as
flash drives.