Computer Virus is clearly defined in the "Computer Information System Security Protection Regulations of the People's Republic of China". A virus refers to "a program inserted by the compiler into a computer program that destroys computer functions or destroys data, affects the use of the computer, and can A copied set of computer instructions or program code."
Computer viruses are different from medical "viruses". Computer viruses do not exist naturally. They are a set of instructions or program codes compiled by humans by taking advantage of the inherent vulnerabilities of computer software and hardware. It can lurk in the computer's storage medium (or program) and be activated when conditions are met. By modifying other programs, it can put its exact copy or possible evolved form into other programs. Thereby infecting other programs and damaging computer resources. The so-called viruses are man-made and are very harmful to other users.
Features
(1) Reproduction
Computer viruses can reproduce like biological viruses. When a normal program is running, it also replicates itself. Whether it has the characteristics of reproduction and infection is the primary condition for judging a certain program to be a computer virus.
(2) Destructiveness
After computer poisoning, normal programs may not be able to run, and files in the computer may be deleted or damaged to varying degrees. Destroy the boot sector and BIOS, and damage the hardware environment.
(3) Contagiousness
Computer virus contagiousness means that computer viruses infect other non-toxic objects by modifying other programs to infect copies or variants of themselves. It can be a program or a component in the system.
(4) Latency
Computer virus latency refers to the ability of computer viruses to attach themselves to other media and parasitize. After intrusion, the virus will not attack until conditions are ripe, which will slow down the computer. .
(5) Concealment
Computer viruses are highly concealed and can be detected in small numbers through virus software. Covert computer viruses appear and disappear from time to time and are constantly changing. This type of virus must be dealt with It was very difficult to get up.
(6) Triggerability
People who compile computer viruses generally set some trigger conditions for the virus program, for example, a certain time or date of the system clock, the system is running Certain programs etc. Once the conditions are met, the computer virus will "attack" and cause the system to be destroyed.
Related recommendations: "FAQ"
Principle
Viruses rely on storage media such as floppy disks and hard disks to form a source of infection. The vector of virus transmission depends on the work environment. Virus activation is to store the virus in the memory and set trigger conditions. The trigger conditions are diverse and can be the clock, the system date, the user identifier, or a system communication, etc. When conditions are ripe, the virus begins to replicate itself into the infected object and carry out various destructive activities.
Virus infection is an important indicator of virus performance. During the infection process, the virus copies a copy of itself to the infected object.
Infection Strategy
To be able to replicate itself, the virus must be able to run code and be able to perform write operations on memory. For this reason, many viruses attach themselves to legitimate executable files. If the user attempts to run the executable file, the virus has a chance to run. Viruses can be divided into two categories based on the behavior they exhibit when running. Non-resident viruses will immediately look for other hosts and wait for opportunities to infect them, and then transfer control to the infected application. Resident viruses do not look for other hosts when they are run. In contrast, a resident virus loads itself into memory and hands control over to the host. The virus runs in the background and opportunistically infects other targets.
(1) Non-resident viruses
Non-resident viruses can be thought of as programs with search modules and replication modules. The search module is responsible for finding files that can be infected. Once the file is searched, the search module will start the copy module for infection.
(2) Resident virus
Resident viruses contain a replication module whose role is similar to that of non-resident viruses. The replication module is not called by the search module in resident viruses. The virus loads the replication module into memory when it is run and ensures that the replication module is called when the operating system performs certain actions. For example, the copy module is called when the operating system runs other files. In this example, all files that can be run will be infected. Resident viruses are sometimes divided into fast and slow infectors. Rapid infectors will try to infect as many files as possible. For example, a quick infector can infect all files that are accessed. This poses particular problems for antivirus software. When running system-wide protection, antivirus software needs to scan all files that may be infected. If the anti-virus software is not aware of the rapid infector in the memory, the rapid infector can take advantage of this and use the anti-virus software to scan the file and infect it at the same time. Rapid infectors rely on their ability to infect quickly. But this also makes rapid infection easy to detect, because its behavior will reduce system performance, thereby increasing the risk of detection by anti-virus software. In contrast, slow infectors are designed to infect targets only occasionally, thus avoiding the chance of detection. For example, some slow infectors only infect when other files are copied. But attempts by slowly infected individuals to avoid detection appear to be unsuccessful.
The above is the detailed content of What is the main medium through which computer viruses spread?. For more information, please follow other related articles on the PHP Chinese website!