Lecture 11 - Viruses Virus Signature A virus can never be...

A virus can never be totally invisible. To execute, it must be loaded into memory. A scanner could look for:
- Execution pattern
- Storage pattern
- Code pattern

These are the virus's signature. Virus scanners look for signatures. A virus scanner must "know" the virus to detect it. It is essential to keep a virus scanner up to date.

Storage pattern:
- Viruses usually attach at the same position relative to a file, e.g. 100 bytes down.
- File size may grow with a virus attached. A virus scanner could compare checksums.
- A virus scanner could look for a jump instruction at the beginning of a program.

Execution pattern:
- Benign viruses: proof of concept.
- Or maybe more harmful: delete files, shut down the system, prevent reading from or writing to disk.

Transmission pattern:
- A virus may travel to a different location each time it is activated.

Polymorphic Viruses

A polymorphic virus that has two appearances will be considered as two viruses (by the virus scanner). If the virus could randomly rearrange itself…
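The storage-pattern and code-pattern checks from these notes, as an added example that is not part of the original lecture. The `SIGNATURES` table, the `DEMO-A` marker bytes and the file images are constructed for illustration; the second variant shows why a scanner that knows only one appearance still needs the checksum comparison.

```python
import hashlib

# Constructed signature database: name -> (offset from file start, byte pattern).
# The marker is a harmless made-up value, not taken from any real malware.
SIGNATURES = {"DEMO-A": (100, b"\xde\xc0\xad\x0b-demo-a")}
JUMP_OPCODES = {0xE9, 0xEB}  # x86 near / short JMP opcodes


def baseline(data):
    """Record size and SHA-256 of a file known to be clean."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def scan(data, known_good=None):
    """Return a list of findings for one file image."""
    findings = []
    # Code pattern at a fixed storage position ("100 bytes down").
    for name, (offset, pattern) in SIGNATURES.items():
        if data[offset:offset + len(pattern)] == pattern:
            findings.append("signature:" + name)
    # Jump instruction at the beginning of the program. Heuristic only:
    # legitimate programs may also start with a jump.
    if data and data[0] in JUMP_OPCODES:
        findings.append("entry-jump")
    # Storage pattern: growth and checksum change against the clean baseline.
    if known_good is not None:
        if len(data) > known_good["size"]:
            findings.append("size-grew")
        if hashlib.sha256(data).hexdigest() != known_good["sha256"]:
            findings.append("checksum-mismatch")
    return findings


def make_samples():
    """Constructed file images: a clean one and two 'appearances' of a change."""
    clean = b"\x55" + b"\x90" * 299
    marker = SIGNATURES["DEMO-A"][1]
    variant_a = b"\xe9" + clean[1:100] + marker + clean[100:]
    # Second appearance: same position, different bytes, so DEMO-A does not match.
    variant_b = b"\xe9" + clean[1:100] + marker[::-1] + clean[100:]
    return clean, variant_a, variant_b


if __name__ == "__main__":
    clean, variant_a, variant_b = make_samples()
    known_good = baseline(clean)
    for label, image in (("clean", clean), ("a", variant_a), ("b", variant_b)):
        print(label, scan(image, known_good))
```

Without a stored baseline, the second variant is reported only through the entry-jump heuristic, which is the gap the notes describe when the scanner does not "know" a given appearance.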