LabZero
Thread author
A metamorphic virus has the ability to transform itself by changing its code.
The main components of a metamorphic virus are:
-SEARCH ROUTINE: takes care of seeking new goals, such as a file to infect. Once infected, its task becomes to verify whether the file is already infected or not, and then decide accordingly whether to pass to the infection routine.
-COPY ROUTINE: deals with the real infection. This can happen in several ways; the ultimate goal is always to infect the target identified by the search component. The mode of infection represented is called the INFECTION VECTOR. A virus that can reproduce through more than one mode is called multipart.
-ANTI DETECTION ROUTINE: this component has the task of preventing behaviors or events that may be suspect and draw the attention of the user or the antivirus. Almost always it is not a single component but is integrated into one of the previous two, depending on its working mode. For example, it can also change the attributes of a file to hide the changes made.
If the virus is meant not only to reproduce but also to run some function, there are two other components:
-TRIGGER: has the task of deciding whether or not to trigger the action of the payload.
-PAYLOAD: this term defines the payload or, more simply, the fundamental aim of a transmission. In the case of a virus, it represents the body of action tied to the execution of the virus.
This is just a brief introduction to the characteristics of this type of virus.