Sunday, August 23, 2009

How do antivirus makers analyze computer viruses?

I have seen many antivirus makers find all the characteristics of a virus just after a new virus is found. How do they do it?


Decompiling the code. There are tools that look at the assembly language of the code, and you can tell. It is a complicated process. I recommend the O'Reilly book Security Warrior if you want to learn more.


Your question must go to another group!



Be careful when asking!
They make the viruses so they can keep selling their products.
Usually by using heuristics:



http://en.wikipedia.org/wiki/Heuristic_%...



Read that; it will tell you most of what you need to know.
Lots of test systems, lots of time spent decompiling and analyzing them, gathering reports from others, etc.
To understand how they do it, you need to know how a virus/worm/trojan acts:



Most viruses/trojans/worms have something called a 'payload'. This is the part of the program that does its 'nasty' bit. Identification of this virus basically boils down to attempting to find out whether any benign-looking program attempts to do anything it shouldn't. This is detected in two ways:



1) You could try to decompile the executable and look for parts that do malicious things (a bit cumbersome, but it can be done)
