How does a virus work?
Please explain step by step how a virus works. Is it written in assembler?
A virus is no different from any other program.
It just starts, runs, ends.
The essence of a virus is in its actions, not in its principle of operation, and the essence of those actions is to try to copy itself somewhere else without the user's knowledge, that is, to multiply.
So it usually starts up, perhaps tries to determine the system, perhaps checks whether the system is already infected, and then tries to infect it: copy itself somewhere hidden and add itself to autorun under the guise of a program, service, driver or part of the kernel (depending on how cool the author is).
Then the virus can perform any additional actions: demand money, corrupt information, go out to the Internet for further instructions, or do nothing.
And what the virus is written in no longer matters. Injection into a file is now almost never seen.
1) At first it works exactly the same as if it were written in C.
2) Then it works exactly the same as if it were written in C.
3) And finally it works exactly the same as if it were written in C.
Because C is just a preprocessor for an assembler compiler, and so is C++, and even C#, although that is already a more sophisticated "preprocessor". If you don't understand this, you will never develop the tactics used in high-quality viruses; "fetishists" like you, who put the tool above the essence and imagine Assembler to be a "magic wand", definitely don't belong here!
I'll add my own thoughts.
Nowadays viruses are rarely written in assembler, and there are two reasons for this.
1. A complex harmful payload: downloading something over the Internet, network exploits, remote control.
2. The complicated PE format, extremely rare exchange of software, digital signatures on critical files, and UAC. Therefore embedding in files is difficult and unproductive. UPD: there are many "companion viruses", but they cannot get past digital signatures on critical files and UAC either.
An exploit with code injection needs a small body, and that is written in assembler or Visual C. If it is a regular EXE / DLL, then it is written in a language for which the OS is guaranteed to have a runtime environment: mostly Visual C and older versions of .NET.
Viruses that exploit bugs in runtime environments (JS engines, Java, .NET) are naturally written in the language of that environment (JS/Java/C#). If the bug involves code injection, see above.
UPD2. I haven't written a virus, but how would I make one work?
I'd go through the disks. I'd create a hidden folder with a Microsoft-like name and quietly encrypt files into it. Then, at moment X, I'd rename the source files into the same folder, overwrite a couple of kilobytes at the beginning of each, rename the hidden ones into their place and display: your computer is encrypted! If the person hesitates, I'd overwrite the rest of the files and then delete them.
It remains to figure out how to smuggle this virus onto the victim's computer and how to pass it off as a legitimate program. The simplest option, in my opinion, is to pose as a software site, put the virus into every download and do active SEO. What would happen if I did, I don't know. And to pass it off as a program, I'd come up with some kind of techno-babble service from Microsoft. Although real virus writers buy exploits on the black market, I'm not familiar with that business.
It runs and works like any other program. And the analysis of a particular sample is an extremely expensive service.
How does a virus work?
The virus can "attach", for example, at the end of the EXE file.
When the EXE file is launched, control is transferred to the virus, it does something and then the main program is launched, while the user does not notice anything.
A virus can, for example, start a process, and so on.
A virus can be written in any language, but, of course, assembly language is cooler...
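The "attached at the end of the EXE, control goes to the appended code first" pattern described in this answer leaves two footprints that a defender can check for: the entry point landing in the last section, and bytes appended after the last section's raw data (an overlay). The following is an added example, not code from this thread, that builds a constructed PE32 skeleton with an assumed layout and runs that triage check over it:

```python
import struct

# Constructed two-section PE32 skeleton with an assumed layout (not a real
# executable): headers occupy the first 0x400 bytes, .text and .rsrc each hold
# 0x200 bytes of raw data, and anything after 0x800 is overlay.
def build_sample_pe(entry_rva: int, overlay: bytes = b"") -> bytes:
    secs = [(b".text", 0x1000, 0x200, 0x400), (b".rsrc", 0x2000, 0x200, 0x600)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)           # e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva)
    opt += b"\0" * (0xE0 - len(opt))                              # pad to PE32 size
    hdrs = b"".join(name.ljust(8, b"\0") +
                    struct.pack("<IIIIIIHHI", size, va, size, raw, 0, 0, 0, 0, 0x60000020)
                    for name, va, size, raw in secs)
    image = dos + b"\0" * (0x80 - len(dos)) + b"PE\0\0" + coff + opt + hdrs
    image += b"\0" * (0x400 - len(image)) + b"\xCC" * 0x400        # section bodies
    return image + overlay

def inspect_pe(data: bytes) -> dict:
    """Locate the entry point and any data appended past the last section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry = struct.unpack_from("<I", data, opt + 16)[0]           # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rawsize, rawptr = struct.unpack_from("<4I", data, off + 8)
        sections.append((name, va, max(vsize, rawsize), rawptr, rawsize))
    sections.sort(key=lambda s: s[1])                             # memory order
    end_of_sections = max(s[3] + s[4] for s in sections)
    entry_sec = next((s[0] for s in sections if s[1] <= entry < s[1] + s[2]), None)
    report = {
        "entry_section": entry_sec,
        "last_section": sections[-1][0],
        "overlay_bytes": max(0, len(data) - end_of_sections),
    }
    # Entry point in the last section, or bytes past the sections, are the classic
    # footprints of code glued onto an existing EXE. Overlays are also normal for
    # installers and Authenticode-signed files, so treat this as a triage signal.
    report["suspicious"] = (entry_sec == report["last_section"]) or report["overlay_bytes"] > 0
    return report
```

Running `inspect_pe(build_sample_pe(0x1000))` reports a clean layout, while `inspect_pe(build_sample_pe(0x2100, b"\x90" * 64))` flags both an entry point in the last section and a 64-byte overlay.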