Computer Viruses

Polymorphic & Cloning Computer Viruses
generation of today is growing up in a fast-growing, high-tech world which
allows us to do the impossibilities of yesterday. With the help of modern
telecommunications and the rapid growth of the personal computer in the average
household we are able to talk to and share information with people from all
sides of the globe. However, this vast amount of information transport has
opened the doors for the computer "virus" of the future to flourish.

As time passes on, so-called "viruses" are becoming more and more
adaptive and dangerous. No longer are viruses merely a rarity among computer
users and no longer are they mere nuisances. Since many people depend on the
data in their computer every day to make a living, the risk of catastrophe has
increased tenfold. The people who create computer viruses are now becoming much
more adept at making them harder to detect and eliminate. These so-called "polymorphic"
viruses are able to clone themselves and change themselves as they need to avoid
detection. This form of "smart viruses" allows the virus to have a
form of artificial intelligence. To understand the way a computer virus works
and spreads, first one must understand some basics about computers, specifically
pertaining to the way it stores data. Because of the severity of the damage that
these viruses may cause, it is important to understand how anti-virus programs
go about detecting them and how the virus itself adapts to meet the ever
changing conditions of a computer. In much the same way as animals, computer
viruses live in complex environments. In this case, the computer acts as a form
of ecosystem in which the virus functions. In order for someone to adequately
understand how and why the virus adapts itself, it must first be shown how the
environment is constantly changing and how the virus can interact and deal with
these changes. There are many forms of computers in the world; however, for
simplicity’s sake, this paper will focus on the most common form of personal
computers, the 80x86, better known as an IBM compatible machine. The computer
itself is run by a special piece of electronics known as a microprocessor. This
acts as the brains of the computer ecosystem and could be said to be at the top
of the food chain. A computer’s primary function is to hold and manipulate
data and that is where a virus comes into play. Data itself is stored in the
computer via memory. There are two general categories for all memory: random
access memory (RAM) and physical memory (hard and floppy diskettes). In either
of those types of memory can a virus reside. RAM is by nature temporary; every
time the computer is reset the RAM is erased. Physical memory, however, is
fairly permanent. A piece of information, data, file, program, or virus placed
here will still be around in the event that the computer is turned off. Within
this complex environment, exists computer viruses. There is no exact and
concrete definition for a computer virus, but over time some commonly accepted
facts have been related to them. All viruses are programs or pieces of programs
that reside in some form of memory. They all were created by a person with the
explicit intent of being a virus. For example, a bug (or error) in a program,
while perhaps dangerous, is not considered a computer virus due to the fact that
it was created on accident by the programmers of the software. Therefore,
viruses are not created by accident. They can, however, be contracted and passed
along by accident. In fact it may be weeks until a person even is aware that
their computer has a virus. All viruses try to spread themselves in some way.

Some viruses simply copy clones of themselves all over the hard drive. These are
referred to as cloning viruses. They can be very destructive and spread fast and
easily throughout the computer system. To illustrate the way a standard cloning
virus would adapt to its surroundings a theoretical example will be used. One
day a teacher decides to use his/her classroom Macintosh’s Netscape to
download some material on photosynthesis. Included in that material is a movie
file which illustrates the process. However, the teacher is not aware that the
movie file is infected with a computer virus. The virus is a section of binary
code attached to the end of the movie file that will execute its programmed
operations whenever the file is accessed. Then, the teacher plays the movie. As
the movie is being played the virus makes a