Polymorphic & Cloning Computer Viruses


The generation of today is growing up in a fast-growing, high-tech world
which allows us to do the impossibilities of yesterday. With the help of modern
telecommunications and the rapid growth of the personal computer in the average
household we are able to talk to and share information with people from all
sides of the globe. However, this vast amount of information transport has
opened the doors for the computer "virus" of the future to flourish. As time
passes on, so-called "viruses" are becoming more and more adaptive and dangerous.
No longer are viruses merely a rarity among computer users and no longer are
they mere nuisances. Since many people depend on the data in their computer
every day to make a living, the risk of catastrophe has increased tenfold. The
people who create computer viruses are now becoming much more adept at making
them harder to detect and eliminate. These so-called "polymorphic" viruses are
able to clone themselves and change themselves as they need to avoid detection.
This form of "smart viruses" allows the virus to have a form of artificial
intelligence. To understand the way a computer virus works and spreads, first
one must understand some basics about computers, specifically pertaining to the
way they store data. Because of the severity of the damage that these viruses may
cause, it is important to understand how anti-virus programs go about detecting
them and how the virus itself adapts to meet the ever changing conditions of a
computer. In much the same way as animals, computer viruses live in complex
environments. In this case, the computer acts as a form of ecosystem in which
the virus functions. In order for someone to adequately understand how and why
the virus adapts itself, it must first be shown how the environment is
constantly changing and how the virus can interact and deal with these changes.
There are many forms of computers in the world; however, for simplicity's sake,
this paper will focus on the most common form of personal computers, the 80x86,
better known as an IBM compatible machine. The computer itself is run by a
special piece of electronics known as a microprocessor. This acts as the brains
of the computer ecosystem and could be said to be at the top of the food chain.
A computer's primary function is to hold and manipulate data and that is where a
virus comes into play. Data itself is stored in the computer via memory. There
are two general categories for all memory: random access memory (RAM) and
physical memory (hard and floppy diskettes). A virus can reside in either of
those types of memory. RAM is by nature temporary; every time the computer is reset
the RAM is erased. Physical memory, however, is fairly permanent. A piece of
information, data, file, program, or virus placed here will still be around in
the event that the computer is turned off.

Within this complex environment exist computer viruses. There is no
exact and concrete definition for a computer virus, but over time some commonly
accepted facts have been related to them. All viruses are programs or pieces of
programs that reside in some form of memory. They all were created by a person
with the explicit intent of being a virus. For example, a bug (or error) in a
program, while perhaps dangerous, is not considered a computer virus due to the
fact that it was created by accident by the programmers of the software.
Therefore, viruses are not created by accident. They can, however, be contracted
and passed along by accident. In fact, it may be weeks until a person is even
aware that their computer has a virus. All viruses try to spread themselves in
some way. Some viruses simply copy clones of themselves all over the hard drive.
These are referred to as cloning viruses. They can be very destructive and
spread fast and easily throughout the computer system.

To illustrate the way a standard cloning virus would adapt to its
surroundings, a theoretical example will be used. One day a teacher decides to
use his/her classroom Macintosh's Netscape to download some material on
photosynthesis. Included in that material is a movie file which illustrates the
process. However, the teacher is not aware that the movie file is infected with
a computer virus. The virus is a section of binary code attached to the end of
the movie file that will execute its programmed operations whenever the file is
accessed. Then, the teacher plays the movie. As the movie is being played the
virus makes a clone of