Malware & registry question.
Lisandro:
Sometimes, Wilders' forums do not have the desired quality and precision. I have 'lost' quite a lot of time following advice that, in the end, was not so correct :(
techie101:
Technical,
I think that it was in the interpretation of the article.
It was not clearly explained.
Waldo,
Raman is correct.
Not all viruses enter the registry. It would depend on their purpose. Self-executing malware usually will worm its way into the registry. Other viruses just change files so they become unusable, or modify them for their own dastardly purposes.
Cojo,
We all have similar troubles at times.
techie
Waldo:
I also wonder,
Does AVAST offer some kind of generic detection (content behavior) or is it simply signature based? (I know Mail provider uses heuristics)
Why do I ask:
because nowadays you can "order" custom made dangerous trojans that are edited to evade detection from the AV you want.
If you only trust signature detection, IMHO, you're doomed if you encounter an edited and/or polymorphic R.A.T.
I also believe that signature is no good against polymorphic malware as they change their content over and over again. With a mutation engine (do a Google search) you can create thousands of mutated trojans.
Just like the vendors of TDS-3 explain here (Donald Dick RAT):
If this was a normal server, we'd see the same code with every server we created. As we see in the above screenshot, this isn't the case with polymorphic trojans. With Donald Dick servers, not only are all of the entrypoints and file sizes different, but all the instruction sequences are also very unique! No form of signature-based or conventional detection can be used to detect this trojan.
http://tds.diamondcs.com.au/index.php?page=polymorphictrojans
I wonder if AVAST or any other AV can cope with such threats, and HOW? Please fill me in...
Waldo
Lisandro:
--- Quote from: Waldo on December 27, 2003, 01:22:48 AM ---Does AVAST offer some kind of generic detection (content behavior) or is it simply signature based? (I know Mail provider uses heuristics)
Waldo
--- End quote ---
This was discussed in the past. Minacross I suppose.
This will be the eternal war against viruses. Some programmers think that only 'generic' or heuristic detection will solve mutation and new viruses. Others think that the 'false positives' will be too many and too irritating. This is the frontier of the new technologies of virus detection/prevention/cleaning.
MWassef:
Technical,
you are right, as always.. (a K cookie from me) ;D
this is the thread you mean: using heuristics