HOW VIRUSES AVOID DETECTION

by CEO Justin Tomel.


Viruses can survive only if they remain undetected long enough to give them time to spread to other computers. To increase a virus's chance of surviving, virus programmers have used a variety of tactics.

Infection methods

Antivirus programs can spot a virus in one of two ways. First, the antivirus program may recognize a particular virus's signature, which is nothing more than the specific instructions embedded in the virus that tell it how to behave and act. A virus's signature is like a criminal's fingerprint—each one is unique and distinct.

A second way antivirus programs can detect a virus is through its behavior. Antivirus programs can often detect the presence of a previously unknown virus by catching a virus as it tries to infect another file or disk.

To sneak past an antivirus program, many viruses use a variety of methods to spread:

  • Direct infection

  • Fast infection

  • Slow infection

  • Sparse infection

  • RAM-resident infection

Direct infection means that the virus infects a disk, or one or more files, each time you run the infected program or open the infected document. If you don't do either, the virus can't spread at all. Direct infection is the simplest but also the most noticeable way of infecting a computer and can often be detected by antivirus programs fairly easily.

Fast infection means that the virus infects any file accessed by an infected program. For example, if a virus infects your antivirus program, watch out! Each time an infected antivirus program examines a file, it can actually infect that file immediately after certifying that the file is virus-free.

Slow infection means that the virus only infects newly created files or files modified by a legitimate program. By doing this, viruses attempt to further mask their presence from antivirus programs.

Sparse infection means that the virus takes its time infecting files. Sometimes it infects a file, and sometimes it doesn't. By infecting a computer slowly, viruses reduce their chance of being detected.

RAM-resident infection means that the virus buries itself in your computer's memory, and each time you run a program or insert a floppy disk, the virus infects that program or disk. RAM-resident infection is the only way that boot viruses can spread. Boot viruses can never spread across a network or the Internet since they can only spread by physically inserting an infected floppy disk into a computer, although they can still infect individual computers attached to a network.

Stealth

Viruses normally reveal their presence during infection. For example, a file-infecting virus typically changes the size, time, and date stamp of the file that it infects. However, file-infecting viruses that use stealth techniques may infect a program without modifying the program's size, time, or date, thus remaining hidden.
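The point above is that size, time and date stamps are weak evidence: a stealth infector can leave all three unchanged. A file-integrity baseline that also records a cryptographic hash catches the change anyway, because the hash depends on the file's content rather than its metadata. The script below is an added example written for this page, not code from the article or its author; the file name, the tiny stand-in "program" and the `stealthy_overwrite` test fixture (which rewrites bytes in place and puts the original timestamps back) are constructed to exercise the checker.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class FileRecord:
    size: int
    mtime_ns: int
    sha256: str


def record_file(path: str) -> FileRecord:
    """Capture size, modification time and a SHA-256 of the content."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return FileRecord(st.st_size, st.st_mtime_ns, digest.hexdigest())


def baseline(paths: Iterable[str]) -> Dict[str, FileRecord]:
    """Record every file once, e.g. right after a clean install."""
    return {p: record_file(p) for p in paths}


def compare(base: Dict[str, FileRecord]) -> Dict[str, List[str]]:
    """Return, per path, which attributes differ from the baseline.

    A stealth infector that preserves size and timestamps still shows up
    under "content" because the hash no longer matches.
    """
    findings: Dict[str, List[str]] = {}
    for path, old in base.items():
        try:
            new = record_file(path)
        except FileNotFoundError:
            findings[path] = ["missing"]
            continue
        changed = []
        if new.size != old.size:
            changed.append("size")
        if new.mtime_ns != old.mtime_ns:
            changed.append("mtime")
        if new.sha256 != old.sha256:
            changed.append("content")
        if changed:
            findings[path] = changed
    return findings


def stealthy_overwrite(path: str, new_content: bytes) -> None:
    """Constructed test fixture: change bytes in place (same size) and restore
    the access/modification times, mimicking what the paragraph describes so
    that the checker can be exercised. Not an infector; it just edits text."""
    st = os.stat(path)
    with open(path, "r+b") as f:
        f.write(new_content[: st.st_size])
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def demo() -> Dict[str, List[str]]:
    """Baseline a constructed file, tamper with it stealthily, re-check."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "program.exe")  # constructed sample, not a real binary
        with open(path, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"original program body")
        base = baseline([path])
        # Same length as the original so the size stays identical.
        stealthy_overwrite(path, b"MZ" + b"\x00" * 62 + b"TAMPERED program body")
        return {os.path.basename(p): v for p, v in compare(base).items()}


if __name__ == "__main__":
    print(demo())
```

Running it reports only `content` for `program.exe`: size and mtime checks are silent, the hash is not. In practice the baseline must be stored somewhere the infected machine cannot quietly rewrite (read-only media or a separate host), otherwise a virus that alters the baseline defeats the check exactly as the "Retaliators" section describes for antivirus programs.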

Boot viruses always use stealth techniques. When the computer reads a disk's boot sector, the boot virus quickly loads the real boot sector (which it has safely stashed away in another location on the disk) and hides behind it. This is like having your parents call you at home to make sure you're behaving yourself, but you really answer the phone at the neighborhood pool hall by using call forwarding. As far as your parents are concerned, they called your home number and you answered. But in reality, their call got routed from your home phone to the pool hall phone. Such misdirection is how boot viruses use stealth techniques to hide their presence from the computer.

In most cases, stealth techniques mask the virus's presence from users but cannot always fool an antivirus program. For further protection against an antivirus program, viruses may use polymorphism.

Polymorphism

To keep from infecting the same file or boot sector over and over again (and revealing itself), viruses must first check to see whether they have already infected a particular file or boot sector. To do so, viruses look for their own signature—the set of instructions that make up that particular virus. Of course, antivirus programs can also find viruses by looking for these signatures, as long as the virus has been caught and examined—if that hasn't happened, an antivirus program will never know the virus's signature.

If convicted criminals could modify their fingerprints each time they committed a crime, they would be harder to catch. That's the idea behind polymorphism.

Theoretically, a polymorphic virus changes its signature each time it infects a file, which would mean that a signature-based antivirus program could never find it. However, because polymorphic viruses need to make sure they don't infect the same file over and over again, polymorphic viruses still leave a small distinct signature that they (and an antivirus program) can still find.
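The contrast the article draws (a full-body signature that a changed generation escapes, versus the small infection marker that every generation must keep) is easy to see with a toy scanner. The script below is an added example written for this page, not code from the article; it also goes one step past the text by supporting `??` wildcard bytes in a signature, the way production scanners describe an invariant skeleton with variable bytes. Every byte string in it is constructed: the "marker", the two "generations" and the "decoder" layout are made-up stand-ins with no relation to any real file format or virus.

```python
from typing import Dict, List, Optional

Pattern = List[Optional[int]]  # one entry per byte; None means "any byte"


def parse_pattern(text: str) -> Pattern:
    """Turn a hex signature such as "DE AD ?? CA FE" into a byte pattern."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def match_at(data: bytes, pat: Pattern, pos: int) -> bool:
    if pos + len(pat) > len(data):
        return False
    return all(p is None or data[pos + i] == p for i, p in enumerate(pat))


def find_pattern(data: bytes, pat: Pattern) -> int:
    """Offset of the first occurrence of pat in data, or -1 if absent."""
    for pos in range(len(data) - len(pat) + 1):
        if match_at(data, pat, pos):
            return pos
    return -1


def scan(data: bytes, sigs: Dict[str, str]) -> List[str]:
    """Names of every signature found in data, in database order."""
    return [name for name, text in sigs.items()
            if find_pattern(data, parse_pattern(text)) >= 0]


# Constructed samples (hypothetical layout, not real executables):
#   header "MZ" + 6 zero bytes, then, for infected files, a fixed 4-byte
#   marker the infector uses to recognise files it already touched, then a
#   "decoder" whose frame bytes C0/C1/C2 are constant and whose other bytes
#   change from generation to generation.
INFECTION_MARKER = bytes.fromhex("deadcafe")
HEADER = b"MZ" + b"\x00" * 6
CLEAN_FILE = HEADER + b"ordinary program code"
SAMPLE_GEN_A = HEADER + INFECTION_MARKER + bytes.fromhex("c041c101020304c2")
SAMPLE_GEN_B = HEADER + INFECTION_MARKER + bytes.fromhex("c017c109080706c2")

# Three ways of writing a signature for the same family (constructed names):
SIGNATURES = {
    # exactly what a lab would extract from generation A
    "PolyDemo.A (full body)": "DE AD CA FE C0 41 C1 01 02 03 04 C2",
    # the small invariant the infector itself relies on
    "PolyDemo (infection marker)": "DE AD CA FE",
    # the decoder's fixed frame with the varying bytes wildcarded
    "PolyDemo (decoder skeleton)": "C0 ?? C1 ?? ?? ?? ?? C2",
}


def scan_all() -> Dict[str, List[str]]:
    return {
        "clean": scan(CLEAN_FILE, SIGNATURES),
        "gen_a": scan(SAMPLE_GEN_A, SIGNATURES),
        "gen_b": scan(SAMPLE_GEN_B, SIGNATURES),
    }


if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name}: {hits or 'no match'}")
```

Generation A matches all three signatures; generation B, whose body has changed, escapes the full-body signature but is still caught by both the marker and the wildcard skeleton; the clean file matches nothing. The trade-off a signature author faces is visible here too: the shorter and more wildcarded the pattern, the more generations it covers, but the greater the risk of false positives on unrelated files, which is why real scanners combine such patterns with context such as file type and offset.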

Retaliators

The best defense is a good offense. Rather than passively hiding from an antivirus program, many viruses actively search out and attack them. When you use your favorite antivirus program, these retaliating viruses either modify the antivirus program so that it can't detect the virus, or they infect the antivirus program so that the antivirus program actually helps spread the virus. In both cases, the attacked antivirus program cheerfully displays a "Your computer is virus-free" message while the virus is happily spreading throughout your computer.



Copyright © 2006 - 2012 e-articles.info.