Viruses
spread using various mechanisms. A virus can either infect an executable
file - file virus - or a data file (macro virus.) There are also multipartite
viruses that can infect both executables and data files.
The executable
targeted virus can use various mechanism to infect and spread itself.
A virus
has three fundamental aspects:
1. Replication
part: it searches for other executable files to infect, and then
embeds the virus code in it.
2. Activation:
it searches for some particular triggering event in the host computer
to start executing the virus code
3. Objective: The actual damage done by the virus.
The actual virus infection logic can be carried out in a number of
ways, as as follows:
1. Companion logic: The virus takes a resembling name of other
executables and gets executed. For example: .txt becomes .txt.exe
2. Linking: The program files no longer point to the original
program, but the virus.
3. Overwriting: The virus code gets overwritten at the beginnng
of the program erasing the original code. Only the virus gets executed.
4. Empty Space Insertion: Empty spaces in a program get the
virus code insertion.
5. Prepending: The virus occupies the beginning of the program
and gets executed before the program runs.
6. Appending: The virus places a 'jump' command at the beginning
of the program. The original beginning is moved to the end. The virus
code itself is fixed before this new beginning. As the program executes,
the virus is executed first, and it then replaces the original beginning
back to its normal place.
Consult the Norman book of viruses for more information.