Computer virus operating mechanism

zhaozj, 2021-02-17

Computer viruses have accompanied the computer ever since it appeared and came into wide use. Since the early Apple machines and the IBM 8086, computers have developed at a rapid pace. Computer viruses have kept developing as well, and their means of attack are endless. From the early, familiar Black Friday to the more recent CIH and Nimda, the harm they cause keeps growing. However, their fundamental core operating mechanism has not changed.

I. The resident (initialization) part of the virus. When a host file carrying the virus is run (an .exe or .com file, or more recently the popular .vbs script files), the virus's resident routine is activated. The resident routine usually occupies part of the host file, so it first restores that part of the host program. Second, it may check whether the virus is already resident in system memory: if it is, control passes to the host program; if not, the virus installs itself in memory and passes control to the original host program once it is resident. Most viruses follow this model for their resident (initialization) part and differ only in how they implement it. The Dir virus, for example, first modifies the first cluster in the executable file's directory entry, so that the virus program located at the end of the disk is loaded into memory first; that is how its resident routine is activated.
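A defender's check for the Dir-style technique described above, as an added example (not code from the original article): it parses raw FAT12/16 directory entries and reports executables whose start-cluster field points at the same cluster. That a Dir-type infection shows up as several executables sharing one start cluster is an assumption drawn from the description; the directory bytes, file names and helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

ENTRY_SIZE = 32
EXECUTABLE_EXTS = {"EXE", "COM"}
ATTR_VOLUME, ATTR_DIRECTORY, ATTR_LFN = 0x08, 0x10, 0x0F

def parse_entries(raw):
    """Yield (name, ext, start_cluster, size) for live files in a raw FAT12/16 directory."""
    for off in range(0, len(raw) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = raw[off:off + ENTRY_SIZE]
        if entry[0] == 0x00:      # never-used entry: end of directory
            break
        if entry[0] == 0xE5:      # deleted entry
            continue
        attr = entry[11]
        if attr == ATTR_LFN or attr & (ATTR_VOLUME | ATTR_DIRECTORY):
            continue              # skip long-name fragments, labels, subdirectories
        # Bytes 26-27: start cluster, bytes 28-31: file size (little-endian).
        start_cluster, size = struct.unpack_from("<HI", entry, 26)
        name = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        yield name, ext, start_cluster, size

def shared_start_clusters(raw):
    """Return {start_cluster: [names]} for executables that share one start cluster."""
    by_cluster = defaultdict(list)
    for name, ext, cluster, size in parse_entries(raw):
        if ext in EXECUTABLE_EXTS and size > 0 and cluster >= 2:
            by_cluster[cluster].append(f"{name}.{ext}")
    return {c: names for c, names in by_cluster.items() if len(names) > 1}

def make_entry(name, ext, cluster, size, attr=0x20):
    """Build one constructed 32-byte directory entry (time and date left at zero)."""
    return struct.pack("<8s3sB10xHHHI", name.ljust(8).encode(),
                       ext.ljust(3).encode(), attr, 0, 0, cluster, size)

# Constructed sample: three executables point at cluster 0x0AF3, the rest are normal.
SAMPLE_DIR = b"".join([
    make_entry("COMMAND", "COM", 0x0AF3, 47845),
    make_entry("FORMAT", "EXE", 0x0AF3, 22923),
    make_entry("README", "TXT", 0x0040, 1200),
    make_entry("EDIT", "COM", 0x0AF3, 413),
    make_entry("CHKDSK", "EXE", 0x0120, 12241),
    make_entry("DOS", "", 0x0005, 0, attr=ATTR_DIRECTORY),
]) + bytes(ENTRY_SIZE)            # a zeroed entry terminates the directory

if __name__ == "__main__":
    for cluster, names in shared_start_clusters(SAMPLE_DIR).items():
        print(f"cluster {cluster:#06x} is the start of: {', '.join(names)}")
```

A healthy directory returns an empty result, because every non-empty file starts at its own cluster.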

II. Infection and propagation. This is the core part of a virus. A computer virus infects much as a virus in the human body does: a virus that cannot infect other cells will eventually die at the hands of white blood cells and antibodies, and a computer virus that cannot infect other files is likewise not viable. The means of infection vary, but the goal is always the same: to infect files unhindered. Some viruses intercept an interrupt vector and check the file involved: if the file is not yet infected, it is infected before the original interrupt handler runs; if it is already infected, the original interrupt handler is executed directly. The Yankee virus, the Dir virus and the notorious CIH use this approach. Other viruses scan the disk for all infectable files and infect those that are not yet infected; the recently widespread Nimda virus uses this method. With the rapid development of networks, more and more viruses spread over the network. A common worm scans Microsoft Outlook or other mail software, selects several or all of the mailboxes it finds, and sends the infected file to them as an attachment. Others propagate by exploiting bugs in various servers.

III. The payload (manifestation) part. Early computer viruses were prank-like in nature, for example playing a piece of music or displaying a picture on the screen. As viruses improved, the target of the attack moved from simple pranks to the system itself, and CIH, written by Chen Yinghao of Taiwan, was the first to damage computer hardware. The payload of current computer viruses is often extremely destructive: if not a system crash, then hardware damage. The timing of the payload has also changed from the early days to the present. The historically famous Black Friday virus, for example, triggers whenever the 13th falls on a Friday.

IV. Anti-anti-virus techniques. Viruses and anti-virus software are a pair of opposites. To be more destructive, a virus has to counter the means that anti-virus work commonly relies on; to defeat tracing, for example, it destroys INT 3H and INT 5H. Some viruses, when they are debugged with the DEBUG program and are already resident in memory, hide part of the virus body, which makes debugging much more difficult. Other viruses, for example the "job" virus, automatically scan the running processes for anti-virus software each time the host file runs and shut it down, so that they can infect the system without being caught by the anti-virus software.

These are the four main operating mechanisms of a virus; understanding them makes it possible to write better anti-virus software that targets them. However powerful a virus is, there is anti-virus software to counter it; as the saying goes, the Tao rises higher.
