
Where Have the Viruses Gone?

Where have computer viruses gone? Check out this post to read more on one dev's look at the falling number of viruses in malware.

by Christopher Lamb · Oct. 11, 18 · Analysis

Over the past few years, computer viruses have all but disappeared from malware development. We see rootkits, botnets, exploit kits, worms, and trojans galore, but viruses aren't really common anymore. Even system re-infection doesn't use viruses today — we see programs loaded into registry keys, or installed as tasks or services, but still, no viruses. Why is that? And, will they make a comeback?

First, let's define a few terms quickly. A worm is a program that infects a remote, uninfected computer. A trojan is a program that claims to do one thing, but does something else, too. A virus is just a program that is able to inject itself into other programs and replicate via this mechanism of program insertion. So, where are they?

Well, there's one primary reason you don't see them very much anymore — traditional file and boot infectors are trivial to find. Why is that?

Well, let's look at the CIH virus as an example. This was a pretty sophisticated virus when it was written in 1998. At that point in time, viruses would usually append themselves or some significant portion of the executable virus body at the end of a file. CIH was the first example of a virus that stored the virus body in pieces throughout a PE executable. Most PE executable files have significant empty space within the file body, and CIH took advantage of that by stuffing code into those unused spaces. This way, the infected executable could remain the same size after infection, making infections harder to find. At the time, filesize checks were a common way to determine whether a file had been infected.

Today, we don't rely on filesizes. We use hash functions instead. And, hash functions don't care about the size of the file — they only care about the content. So, if those empty spaces are used, for example, the binary signature of those spaces will change, and the hash signature of that file will change, too. In fact, hash signatures will find any binary change in the file — no matter how small it might be. In order to circumvent this approach, you'd need to exploit a hash collision in the algorithm (a situation where two files create the same signature). That's possible to do with some hash algorithms (MD5, for example) but not modern algorithms, like SHA-256.
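The size-versus-hash point above can be seen in a small baseline-and-verify integrity check. This is an added example, not code from the original article; the file names, the constructed sample bytes, and the helper names are assumptions, and the baseline is assumed to be kept somewhere the monitored host cannot rewrite.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Record (size, sha256) for every regular file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            baseline[os.path.relpath(p, root)] = (os.path.getsize(p), sha256_file(p))
    return baseline

def verify(root, baseline):
    """Compare the current tree with the baseline and return {relpath: finding}."""
    findings = {}
    current = build_baseline(root)
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            findings[rel] = "missing"
        elif current[rel][1] != digest:
            same = current[rel][0] == size
            findings[rel] = "modified, size unchanged" if same else "modified, size changed"
    for rel in current.keys() - baseline.keys():
        findings[rel] = "new file"
    return findings

def demo():
    """Constructed sample: a stand-in 'binary' with a run of zero padding (not a real PE)."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "app.bin")
        with open(target, "wb") as f:
            f.write(b"HDR" + b"\x00" * 64 + b"CODE")
        with open(os.path.join(root, "lib.bin"), "wb") as f:
            f.write(b"unchanged")
        baseline = build_baseline(root)
        with open(target, "r+b") as f:   # overwrite part of the padding in place
            f.seek(8)
            f.write(b"\x41" * 16)
        return verify(root, baseline)

if __name__ == "__main__":
    print(demo())
```

A size-only check would pass `app.bin` here, since it is still 71 bytes; the digest comparison is what flags it.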

Why else? I mean, we see trojans and worms all the time. And, we certainly have use cases where viruses would be useful.

Frankly, I don't really know, besides the fact they can be easier to find. But, I wouldn't count them out. If you have any ideas on why, drop a line in the comments below!
