Computer Virus-Antivirus Coevolution

COMMUNICATIONS OF THE ACM, January 1997/Vol. 40, No. 1, pp. 46-47

The battle to conquer computer viruses is far from won, but new and improved antidotes are controlling the field.

Carey Nachenberg

Illustration: Beata Szpura

As recently as six years ago, computer viruses were considered an urban myth by many. At the time, only a handful of PC viruses had been written and infection was relatively uncommon. Today the situation is very different. As of November 1996, virus writers have programmed more than 10,000 DOS-based computer viruses. In addition to the sheer increase in the number of viruses, the virus writers have also become more clever. Their newer creations are significantly more complex and difficult to detect and remove.

These “improvements” can be at least partially attributed to the efforts of antivirus producers. As antivirus products improve and detect the “latest and greatest” viruses, the virus authors invent new and more devious ways to hide their progeny. This coevolution has led to the creation of the most complex class of virus to date: the polymorphic computer virus. The polymorphic virus avoids detection by mutating itself each time it infects a new program; each mutated infection is capable of performing the same tasks as its parent, yet it may look entirely different. These cunning viruses simply cannot be detected cost-effectively using traditional antivirus scanning algorithms.

Fortunately, the antivirus producers have responded, as they have in the past, with an equally creative solution to the polymorphic virus threat. Many antivirus programs are now starting to employ a technique known as generic decryption to detect even the most complex polymorphic viruses quickly and cost effectively.

A computer virus is a self-replicating computer program that spreads by attaching itself to executable files or system areas on diskettes. Recently, we have also encountered a new type of virus that infects application data files that contain macros. These viruses are constructed entirely of application macros and use the macro language to propagate themselves.

In addition to their ability to replicate, some computer viruses also deliver a payload: a portion of the virus program that is designed to damage the host machine, display a message, or do some other mischief without the computer operator’s consent. This article focuses primarily on how computer viruses replicate and obscure themselves.

The vast majority of computer viruses have been designed specifically for IBM-based PCs running the DOS and Windows operating systems. In terms of sophistication and functionality, these DOS-based viruses are generations ahead of viruses written for other operating systems and platforms. Consequently, this article examines how the antivirus community has tackled these DOS-based viruses. Nonetheless, the concepts presented apply for viruses

This note was uploaded on 05/03/2010 for the course CS 1 taught by Professor Rohr during the Spring '08 term at UCLA.
