Tuesday, December 23, 2008

VIRUSES

A computer virus has three parts:

Infection mechanism: How a virus spreads, by modifying other code to contain a (possibly altered) copy of the virus. The exact means through which a virus spreads is referred to as its infection vector. This doesn't have to be unique; a virus that infects in multiple ways is called multipartite.

Trigger: The means of deciding whether or not to deliver the payload.

Payload: What the virus does, besides spread. The payload may involve damage, either intentional or accidental. Accidental damage may result from bugs in the virus, encountering an unknown type of system, or perhaps unanticipated multiple viral infections.

The infection mechanism is required, because infection is one of the key defining characteristics of a virus; the other two parts are optional. In the absence of infection, only the trigger and payload remain, which is a logic bomb.
In pseudocode, a virus would have the structure below. The trigger function would return a boolean, whose value would indicate whether or not the trigger conditions were met. The payload could be anything, of course.

def virus():
    infect()
    if trigger() is true:
        payload()

Infection is done by selecting some target code and infecting it, as shown below. The target code is locally accessible to the machine where the virus runs, applying the definition of viruses from the last chapter. Locally accessible targets may include code in shared network directories, though, as these directories are made to appear locally accessible.
Generally, k targets may be infected each time the infection code below is run. The tricky part of select_target is that the virus doesn't want to repeatedly re-infect the same code; that would be a waste of effort, and may reveal the presence of the virus. select_target has to have some way to detect whether or not some potential target code is already infected, which is a double-edged sword: if the virus can detect itself, then so can anti-virus software. The infect_code routine performs the actual infection by placing some version of the virus' code in the target.

def infect():
    repeat k times:
        target = select_target()
        if no target:
            return
        infect_code(target)
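The "double-edged sword" above, from the defender's side, as an added example that is not part of the original post: whatever self-recognition test select_target uses to skip already-infected code is a test a scanner can run too. The marker value, its offset and the sample file contents below are all constructed for this illustration; nothing here comes from a real virus.

```python
# Added example: a scanner that reuses a virus's own "am I already here?"
# check. MARKER, MARKER_OFFSET and SAMPLE_FILES are constructed for the demo.

MARKER = b"DEMO-MARK-7f3a"   # constructed, hypothetical infection marker
MARKER_OFFSET = 16           # constructed: where the marker is assumed to sit


def is_marked(data: bytes) -> bool:
    """The self-recognition test: the marker is present at the expected offset.

    This is exactly the check a select_target routine would need in order
    to avoid re-infecting a file, so a scanner can apply the same test.
    """
    return data[MARKER_OFFSET:MARKER_OFFSET + len(MARKER)] == MARKER


def scan(files: dict) -> list:
    """Return the sorted names of files whose contents carry the marker."""
    return sorted(name for name, data in files.items() if is_marked(data))


# Constructed sample contents: a 16-byte header, then either the marker or
# ordinary bytes. "marker_in_wrong_place" shows the check is positional,
# matching the virus's own test rather than a loose substring search.
HEADER = b"HDR".ljust(MARKER_OFFSET, b"\x00")
SAMPLE_FILES = {
    "clean_tool": HEADER + b"ordinary program bytes",
    "infected_editor": HEADER + MARKER + b"rest of program",
    "clean_shell": HEADER + b"more ordinary bytes",
    "marker_in_wrong_place": HEADER + b"xx" + MARKER,
}

if __name__ == "__main__":
    for name in scan(SAMPLE_FILES):
        print("infected:", name)
```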

Viruses can be classified in a variety of ways. The next two sections classify
them along orthogonal axes: the type of target the virus tries to infect, and the
method the virus uses to conceal itself from detection by users and anti-virus
software. Virus creation need not be difficult, either; the virus classification is
followed by a look at do-it-yourself virus kits for the programming-challenged.
