186 Chapter 8 ■ Trojans, Viruses, Worms, and Covert Channels
■ Four short years later, the first PC-compatible virus debuted. The viruses prior to this
point were Apple II types or designed for specific research networks. In 1986, the first
boot-sector viruses debuted, demonstrating a technique later seen on a much wider
scale. This type of virus infected the boot sector of a drive and spread its infection
when the system was going through its boot process.
■ The first logic bomb debuted in 1987: the Jerusalem virus. This virus was designed to
cause damage only on a certain date: Friday the 13th. The virus was so named because
of its initial discovery in Jerusalem.
■ Multipartite viruses made their appearance in 1989 in the Ghostball virus. This virus
was designed to cause damage using multiple methods and components, all of which
had to be neutralized and removed to clear out the virus effectively.
■ Polymorphic viruses first appeared in 1992 as a way to evade early virus-detection
techniques. Polymorphic viruses are designed to change their code and shape to
avoid detection by virus scanners, which look for a specific virus code and so do
not recognize the new version. Polymorphic viruses employ a series of techniques to
change or mutate, including the following:
■ Polymorphic engine—Alters or mutates the virus’s design while keeping the
payload (the part that does the damage) intact.
■ Encryption—Used to scramble or hide the damaging payload, keeping antivirus
engines from detecting it.
When deployed, this type of virus mutates every time it is executed and may result in
up to a 90 percent change in code, making it virtually unidentifiable to an antivirus
engine.
■ Metamorphic viruses—Completely rewrite themselves on each infection. The
complexity of these viruses is immense, with up to 90 percent of their code dedicated
to the process of changing and rewriting the payload. In essence, this type of virus
possesses the ability to reprogram itself. Through this process, such viruses can avoid
detection by antivirus applications.
■ Mocmex—Fast-forward to 2008. Mocmex was shipped on digital photo frames
manufactured in China. When the virus infected a system, the system’s firewall and
antivirus software were disabled; then the virus attempted to steal online-game
passwords.
Kinds of Viruses
Modern viruses come in many varieties:
■ A system or boot sector virus is designed to infect and place its own code into the
master boot record (MBR) of a system. Once this infection takes place, the system’s
boot sequence is effectively altered, meaning the virus or other code can be loaded
before the system itself. Post-infection symptoms may include startup problems,
problems with retrieving data, computer performance instability, and the inability
to locate hard drives.
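Because a boot sector infection changes the code held in the MBR, a defender can detect it by comparing the sector with a baseline recorded while the system was known good. The Python below is an added example, not part of the original text; the function names and the sample sector are constructed for illustration. It assumes the classic MBR layout: 440 bytes of bootstrap code, the partition table at offset 446, and the 0x55 0xAA signature at offset 510.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440        # bootstrap code area; bytes 440-445 hold the disk signature
TABLE_OFF = 446       # four 16-byte partition entries
SIG_OFF = 510         # boot signature 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a code hash, partition entries and signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        # Entry layout: status, CHS start (skipped), type, CHS end (skipped), LBA, count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, TABLE_OFF + 16 * i)
        if ptype != 0:                      # type 0 marks an unused slot
            parts.append({"slot": i, "status": status, "type": ptype, "lba": lba, "sectors": count})
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[SIG_OFF:] == b"\x55\xaa",
    }

def check_mbr(sector: bytes, baseline: dict) -> list:
    """Return a list of differences between this MBR and a trusted baseline."""
    cur, findings = parse_mbr(sector), []
    if not cur["signature_ok"]:
        findings.append("boot signature missing")
    if cur["code_sha256"] != baseline["code_sha256"]:
        findings.append("bootstrap code changed")
    if cur["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    if any(p["status"] not in (0x00, 0x80) for p in cur["partitions"]):
        findings.append("invalid partition status byte")
    return findings

def sample_mbr(code_byte: int = 0x90) -> bytes:
    """Constructed sample sector: filler code bytes, one active partition, valid signature."""
    sector = bytearray([code_byte] * CODE_LEN) + bytearray(SECTOR_SIZE - CODE_LEN)
    struct.pack_into("<B3xB3xII", sector, TABLE_OFF, 0x80, 0x07, 2048, 204800)
    sector[SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    baseline = parse_mbr(sample_mbr())            # record while the system is known good
    print(check_mbr(sample_mbr(), baseline))      # []
    print(check_mbr(sample_mbr(0xCC), baseline))  # ['bootstrap code changed']
```

In practice the 512 bytes would come from the first sector of a disk image read offline, since code loaded before the operating system can misreport the sector to tools running on the infected host.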