Monday, October 9

Eco System of Virus

Last Monday, a computer in my lab got infected with a virus. The network admin tried several anti-spyware programs, and tried to delete the virus manually in safe mode. But after the programs deleted several viruses, one virus was still alive.

On Friday, the computer had become very slow, and a new message popped up saying: "Your computer has been slowed down 40% because of a virus. Please click the link to purchase xxxx anti-virus software". When the admin ran the anti-spyware software again, 5 viruses were found, so the only way to deal with it was, of course, reinstallation.

There was only 1 virus on Wednesday, so why were 5 viruses found on Friday? Because the immortal virus opened a port allowing other viruses to intrude into this computer. This is the Eco System of Virus.

Yes, once a virus is executed, it gains the privilege to run anything. The first thing it does is create a back door, so that it can enter the system any time it wants. Other viruses take advantage of the back door and get into the computer without the permission of the original virus. For example, in the Sony rootkit scandal, Sony's badware hid itself from users by modifying the operating system so that file names beginning with "$sys$" were not shown; new viruses then simply named their own files with the "$sys$" prefix. If your computer is infected with Sony's badware, you cannot notice the existence of these new viruses.
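The cloaking mechanism described above, as an added example that is not from the original post: a small Python simulation of the "$sys$" prefix filter and of the cross-view check that detects it by comparing what the hooked directory API reports with an unfiltered view of the same directory. The directory contents and every file name in it are constructed for the example.

```python
"""Cross-view detection of names hidden by a prefix-based cloaking filter.

Simulation (added example): the Sony rootkit hid every file whose name began
with "$sys$" from normal directory listings. Any other program could hide a
file the same way just by choosing that prefix. A cross-view check compares
the (hooked) high-level listing with a lower-level, unfiltered listing and
reports every name that only the unfiltered view contains.
"""

HIDDEN_PREFIX = "$sys$"

# Constructed raw view of one directory, as an unfiltered low-level scan sees it.
RAW_LISTING = [
    "notepad.exe",
    "$sys$cloak.sys",       # constructed: the cloaking driver's own file
    "$sys$dropper.exe",     # constructed: a second piece of malware riding on the cloak
    "report.docx",
]


def cloaked_listing(raw_names):
    """Mimic the hooked directory-enumeration API: drop every cloaked name.

    The prefix match is case-insensitive, so "$SYS$x" is hidden as well.
    """
    return [n for n in raw_names if not n.lower().startswith(HIDDEN_PREFIX)]


def cross_view_diff(api_names, raw_names):
    """Return names present in the raw view but missing from the API view.

    A non-empty result means something between the application and the disk
    is filtering the listing, which is the hallmark of a cloaking rootkit.
    """
    visible = set(api_names)
    return sorted(n for n in raw_names if n not in visible)


if __name__ == "__main__":
    api_view = cloaked_listing(RAW_LISTING)
    for name in cross_view_diff(api_view, RAW_LISTING):
        print(f"hidden from API view: {name}")
```

Note that the piggybacking file is reported along with the rootkit's own file: the detector does not need to know which malware created each name, only that the two views disagree.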

In an ecosystem, co-existence is not the only relation between members. Competition is also important. Competition can create better generations and eliminate the worse ones.

Even in the Eco System of Virus there is competition. The famous case was between Netsky and Beagle. The war was in 2004, when one programmer accused the other of stealing his source code. A virus can get rid of its rival once it has control of a computer, but the next day the other side releases a new generation which can delete its rival.

The evolution of viruses is also interesting. A virus can't prevail for long, because security experts around the world will certainly find a way to stop its distribution. The authors of viruses know this well too. So a virus must have a next generation with new features that bypass the countermeasures against the previous generation. A virus (or its programmer) learns how to fight the world during this evolution. It also learns how to take advantage of back doors left by other viruses, and how to avoid attacks from rivals. The Beagle virus is wise enough to set a deadline in its program, because it knows one generation of a virus can't stay for more than 1 month, and it knows clearly that the next generation will be stronger, so the ancestor should commit suicide to release its resources for the next one.

One question amazes a lot of people: how do the police find out who the author of a virus is?
The answer is: the computer world is so complicated that a newcomer can't make a (good) virus alone. So if a good virus is going around the Internet, its programmer must have experience, or have acquired it from some old hands. So he must be an active member of the hacker community, and he shows off his programs to his friends.
