Re: Virus Detection
Basically this is how I understand it.
Anti-virus companies catch a virus, then identify a set of bytes that can be linked to this virus, even if a few changes are made by a skiddy, and they also want to make sure that it's not a byte sequence commonly found in legit programs. This is obviously because they don't want the virus scanner to be picking up a lot of legit programs.
Also, if there is no byte sequence in your code that matches a current definition, then your virus or worm or whatever it is is going to pass. No piece of any malicious code I have ever written has been picked up by an online virus scanner; this is the same reason that viruses can be powerful in the wild. If their code is unique, then there will need to be a new definition before they can be caught by AVs.
Also, dude, antivirus scanners don't make definitions; they simply get the definitions that are sent to them from the AV company.
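As an added illustration (my own toy code, not part of the post above), a minimal byte-signature matcher: constructed byte strings stand in for files, `??` is a wildcard byte as in common hex signature formats, and each candidate definition is checked against a small clean corpus so the analyst can see both the "a few changes by a skiddy" problem and the false-positive problem the post describes.

```python
import re

# Constructed sample "files" (plain byte strings, not real malware).
# ORIGINAL is the sample the signature is written from; TWEAKED has one
# byte changed, the kind of edit a copycat might make.
ORIGINAL = (b"MZ" + b"\x00" * 6
            + b"\xb8\x44\x33\x22\x11\xe8\x10\x00\x00\x00\xc3" + b"\x00" * 8)
TWEAKED = ORIGINAL.replace(b"\x44\x33\x22\x11", b"\x44\x33\x22\x99")
# Constructed "legit program" corpus used to check a definition for false hits.
CLEAN_CORPUS = [
    b"MZ" + b"\x00" * 6 + b"\x55\x89\xe5\xe8\x10\x00\x00\x00\xc3" + b"\x00" * 8,
    b"MZ" + b"\x00" * 6 + b"\xb8\x01\x00\x00\x00\xc3" + b"\x00" * 8,
]


def compile_signature(hex_sig: str) -> re.Pattern:
    """Turn 'b8 ?? ?? ?? ?? e8' style text into a compiled bytes regex.
    Each '??' matches exactly one arbitrary byte; all other tokens are literal."""
    parts = []
    for tok in hex_sig.split():
        parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


def matches(sig: re.Pattern, data: bytes) -> bool:
    """True if the signature occurs anywhere in the file contents."""
    return sig.search(data) is not None


def false_positives(sig: re.Pattern, corpus) -> int:
    """Number of clean files a definition would wrongly flag."""
    return sum(1 for f in corpus if matches(sig, f))


def evaluate(hex_sig: str, bad_samples, clean_corpus) -> dict:
    """Report what a candidate definition detects and what it wrongly hits."""
    sig = compile_signature(hex_sig)
    return {"detects": [matches(sig, s) for s in bad_samples],
            "false_positives": false_positives(sig, clean_corpus)}


if __name__ == "__main__":
    for name, sig in [("exact", "b8 44 33 22 11 e8 10 00 00 00 c3"),
                      ("wildcard", "b8 ?? ?? ?? ?? e8 10 00 00 00 c3"),
                      ("too generic", "e8 10 00 00 00 c3")]:
        print(name, evaluate(sig, [ORIGINAL, TWEAKED], CLEAN_CORPUS))
```

The exact definition misses the one-byte change, the wildcard definition catches both samples with no clean hits, and the short generic one catches both but also flags a clean file, which is the trade-off the post points at.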