|
-- Vendor-Independent Anti-Virus Information and Education Site --
By Bill Grogg Viruses feature a number of techniques in an attempt to avoid detection. As long as they are undetected, viruses are free to spread, and the most successful viruses are usually those that can avoid detection the longest. When the virus is finally found, it may already have spread far and wide to many other computers. Polymorphism Polymorphism is a technique viruses use in order to try to escape detection by virus scanner products. A virus scanner many times uses a known pattern of bytes (commonly referred to as a string, signature, or pattern) in order to identify the existence of a virus in a program. Polymorphism is the use of changing patterns by the virus. Thus, it may be very difficult to determine a string that always identifies the polymorphic virus. Stealth Another technique a virus may use in order to avoid detection is known as stealth. Stealth techniques are designed to make it look like nothing has changed. For example, a boot sector virus that uses stealth may present the original boot sector of the diskette when any request to read the boot sector is detected. Another example is a file virus detecting a scanner program calculating a checksum on an infected file and the virus giving the original checksum information to the scanner. Return to the Timberwolf Anti-Virus Information Center table of contents
|