When most people think of malware, they envision viruses. Viruses are one of the most common types of malware. They consist of malicious software that can self-replicate while spreading to other computers and devices. Different viruses work in different ways. Most of them, however, use an infection cycle that’s comprised of the four following phases.
Viruses typically don’t self-replicate or otherwise cause harm upon infection. Rather, they remain dormant. The first phase in a virus’s infection cycle is the dormant phase. The virus won’t self-replicate, nor will it delete, capture or modify data on the infected computer. The dormant phase lives up to its namesake by keeping the virus dormant and inactive.
Following the dormant phase is the propagation phase. The propagation phase is when the virus self-replicates. All viruses self-replicate. Self-replication, in fact, is what distinguishes viruses from other types of malware. During the propagation phase, viruses will create copies of their malicious code, which they’ll store on other parts of the infected computer’s disk drive.
The propagation phase may include a process known as morphing. Some viruses morph as they self-replicate. Morphing means that the virus doesn’t create an exact copy of itself when self-replicating. Rather, the virus changes its code. Morphing is designed to make viruses harder to detect. If a virus morphs, it will typically do so during the propagation phase.
The third phase in a virus’s infection cycle is the trigger phase. The trigger phase involves activation. Viruses aren’t considered active until they enter the trigger phase. Upon entering the trigger phase, viruses will initiate their malicious activities.
Viruses can be programmed to activate in response to different triggers. A trigger might be a minimum of self-replications, such as 100. Once the virus has self-replicated 100 times, it will enter the trigger phase. Alternatively, the trigger may consist of the passage of time, such as 48 hours. After 48 hours have passed, the virus will enter the trigger phase. Regardless, viruses have a trigger that causes them to activate and, thus, initiate their malicious activities.
The fourth and final phase of a virus’s infection is the execution phase. The execution phase involves the release of a payload. Viruses have a payload. The payload is the malicious code that’s designed to harm or otherwise negatively affect the targeted computer. Some payloads can delete data. Others can cause unwanted pop-ups or advertisements.