Development of Computer Viruses


In the history of virus development, the emergence of viruses follows a pattern. Generally, after a new virus technology appears, the virus develops rapidly, and then the development of anti-virus technology suppresses its spread. When the operating system is upgraded, viruses change to new methods and produce new virus technology. The development can be divided into the following stages:
1. DOS boot phase
In 1987, computer viruses were mainly boot viruses, typically the "ball" and "stone" viruses. At that time, computer hardware was relatively simple and machines generally had to be started from a floppy disk. A boot virus works by using the floppy disk boot principle: it modifies the system startup sector and obtains control first when the computer is started. It reduces system memory, modifies the disk read/write interrupt, and affects system efficiency when the system accesses the disk. In 1989, boot viruses that can infect hard disks appeared, typified by "stone 2".
2. DOS executable stage
Executable file viruses appeared in 1989. They use the mechanism by which DOS loads and executes files, and are represented by the "Jerusalem" and "Sunday" viruses. The virus code gets control when the system executes the file. It modifies the DOS interrupt and, when the system calls a file, attaches itself to the executable file, which increases the file length. In 1990, composite viruses were developed that infect both COM and EXE files.
3. Companion and batch phases
In 1992, companion viruses appeared. They work by using the priority order in which DOS loads files. A representative is the "Jin Chan" virus. When it infects an EXE file, it generates a companion body with the same name as the EXE file and a COM extension. When it infects a COM file, it changes the original COM file and leaves a companion with the same name, whose file extension is COM. In this way, the virus takes control when DOS loads the file. This type of virus does not change the file's date and attributes, so removing it only requires deleting its companion body. In non-DOS operating systems, some companion viruses work by using the operating system's description language. A typical example is the "pirate flag" virus: when it is executed, it asks for the user name and password, returns an error message, and deletes itself. A batch virus is a type of virus that works in DOS and is similar to the "pirate flag" virus.
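A defender's check for the companion technique described above, as an added example that is not part of the original article: it lists same-named program files in one directory where DOS load priority would run one file instead of another. It generalizes the COM/EXE case in the text to the full COM, EXE, BAT order; the function names and sample file names are hypothetical.

```python
import os
import tempfile

# DOS lookup order for a bare program name: COM first, then EXE, then BAT.
DOS_PRIORITY = [".com", ".exe", ".bat"]


def find_shadowed_programs(directory):
    """Return (shadowing_file, shadowed_file) pairs found in one directory.

    A pair means both files share a base name and DOS would run the first
    one when that name is typed, so the first is a companion candidate.
    """
    by_stem = {}
    for entry in os.scandir(directory):
        if not entry.is_file():
            continue
        stem, ext = os.path.splitext(entry.name)
        ext = ext.lower()
        if ext in DOS_PRIORITY:
            # DOS names are case-insensitive, so group on the lowercase stem.
            by_stem.setdefault(stem.lower(), {})[ext] = entry.name
    pairs = []
    for stem in sorted(by_stem):
        present = [e for e in DOS_PRIORITY if e in by_stem[stem]]
        winner = present[0]
        for loser in present[1:]:
            pairs.append((by_stem[stem][winner], by_stem[stem][loser]))
    return pairs


def build_sample_tree(root):
    """Create constructed, empty sample files (hypothetical names)."""
    names = ["EDIT.EXE", "EDIT.COM", "FORMAT.COM",
             "SETUP.EXE", "SETUP.BAT", "README.TXT"]
    for name in names:
        with open(os.path.join(root, name), "wb"):
            pass


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for shadowing, shadowed in find_shadowed_programs(root):
            print(f"{shadowing} runs instead of {shadowed}: review {shadowing}")
```

A reported pair is only a candidate for review, since legitimate software can ship same-named files with different extensions.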
4. Ghost and polymorphic stage
In 1994, with the development of assembly language, the same function could be implemented in different ways, and combining these makes a seemingly random piece of code produce the same operation result. The ghost virus uses this feature to generate different code each time it infects. For example, the "Half" virus generates a decoding routine with hundreds of millions of possible forms, and the virus body is hidden in the data before decoding. Detecting it therefore requires decoding that data, which increases the difficulty of virus detection. A polymorphic virus is a comprehensive virus that can infect both the boot zone and the program zone. Most of them have a decoding algorithm, and a single virus usually requires more than two subprograms before it can be removed.
5. Generator and variant machine stage
In 1995, some data operations in assembly language could be placed in different general-purpose registers and still compute the same results, and randomly inserted null operations and irrelevant instructions do not affect the operation result. In this way, a decoding algorithm can be produced by a generator. When what is generated is a virus, this complicated thing is called a virus generator, and the variant machine came into being. A typical example is the "virus manufacturer" VCL, which can instantly create thousands of different viruses. The traditional feature identification method cannot be used against them; detection requires macro-level analysis of the instructions, decoding, and then virus identification. A variant machine is an instruction generation mechanism that increases the decoding complexity.
6. Network and worm stage
In 1995, with the popularity of networks, viruses began to spread over the network. They were only improvements on the previous generations of viruses. In non-DOS operating systems, the "worm" is a typical representative. It does not occupy any resources other than memory and does not modify disk files. Using network functions, it searches for network addresses and spreads itself to the next address. Sometimes it also exists in network servers and startup files.
7. Windows stage
In 1996, with the increasing popularity of Windows and Windows 95, viruses that use Windows to work began to develop. They target NE and PE files, and a typical representative is DS.3873. The mechanism of this kind of virus is more complicated: it works by using protected mode and the API call interface, and the removal methods are also more complicated.
8. Macro virus stage
In 1996, with the enhancement of Word for Windows, the Word macro language could also be used to write viruses. These viruses use a Basic-like language and easily infect Word document files. Viruses that work in the same way in Excel and AmiPro are also classified in this category. Such viruses are difficult to detect because the Word document format is not published.
9. Internet connection stage
In 1997, with the development of the Internet, various viruses began to spread over the Internet in virus-carrying packets and emails. A machine that receives these emails may become infected.
10. Java and mail bomb stage
In 1997, with the popularity of Java on the World Wide Web, viruses that use the Java language for propagation and data retrieval began to appear. A typical example is the JavaSnake virus. There are also some viruses that use mail servers for transmission and destruction, such as the Mail-Bomb virus, which seriously affects the efficiency of the Internet.
