How Anti-Viruses Work? What are the techniques used by an Anti-Virus to detect your payload? scriptkiddie.gq

FreakyDodo
4 min read · Jun 2, 2021

Hey hackers!!!

Today we will discuss how an anti-virus works, and how to defeat them.


So, before you use your programming skills to forge a deadly, self-reproducing virus, it is important to understand the techniques which modern anti-viruses use, and to examine how an anti-virus program works.

We will discuss some simple anti-virus techniques, and then study how you can create a stealthy virus.

How Anti-Virus Works?

There are three different anti-virus techniques that are used to locate and eliminate viruses: scanning, behavior checking and integrity checking. We will discuss each of these in a moment.

Scanning

Scanning searches for specific code which is believed to indicate the presence of a virus.

Scanning for viruses is the oldest and most popular method for locating viruses. Back in the late 80's, when there were only a few viruses floating around, writing a scanner was fairly easy. Today, with thousands of viruses, and many new ones being written every year, keeping a scanner up to date is a major task.

For this reason computer security professionals consider scanners an obsolete and useless technology; however, scanners have an important advantage over other types of virus protection: they allow one to catch a virus before it ever executes on your computer.

Let's consider the example of the MINI-44 virus (a COM infector, which infects only COM program files), which is assembled to its binary code.

A scanner that uses 16-byte strings might just take the first 16 bytes of the virus code and use them to look for the virus in other files.

What other files? MINI-44 is a COM infector, so it should logically be found in COM files. However, if our 16-byte scanner is a poor scanner, it will only look for the virus in files whose name ends with COM.

Recall that a scanner's major advantage is that it can find a virus before it actually executes, so the scanner should also look in EXE files. Any COM file, including one infected with MINI-44, can be renamed to EXE and planted on a disk. When it executes, it will only infect COM files, but originally it was an EXE.

We can say that scanners have different modes which search different types of files. But what if a virus is programmed in such a way that the scanner cannot detect it (just like our 16-byte scanner, which is not able to find MINI-44 in an EXE)? That happens because the case was not included in the scanner's scope when the scanner was programmed.

Behavior Checkers

The next major type of anti-virus product available today is what I call a behavior checker.

A behavior checker watches your computer for virus-like activity, and alerts you when it takes place. We can say that a behavior checker is a memory-resident program that the user loads in the AUTOEXEC.BAT file; it then just sits there in the background looking for unusual behavior.

Unusual behavior such as:

  1. attempts to open COM or EXE files in read/write mode.
  2. attempts to write to the boot or master boot sectors.
  3. attempts to go memory-resident.

Typically, it looks for this kind of behavior by hooking interrupts (executing its own code whenever an interrupt occurs).

Integrity Checkers

Typically, an integrity checker will build a log that contains the names of all the files on a computer and some type of characterization of those files. That characterization may consist of basic data like file size, date/time stamp, checksums, etc.

Every time the user runs the integrity checker, it examines all the files on the system and compares them with the characterization it made earlier.

It will catch most changes to files made on your computer, including changes made by a virus. This works because, if a virus adds itself to a program file, it will probably make it bigger and change the checksum (a checksum is a small-sized datum derived from a block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage). The integrity checker will notice that something has changed and will alert the user, so that he/she can take preventive action.

However, there could be thousands of viruses on your computer and the integrity checker would never alert you about them, because those viruses have not executed or changed any files.
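As an added example, not code from the original post, here is a small Python model of the two techniques above: a scanner that looks for a 16-byte string by file content rather than by extension (so the COM-body-planted-as-EXE case from the Scanning section is caught), and an integrity checker that records size, timestamp and SHA-256 for each file and reports what changed. The signature bytes and the sample files are constructed; nothing here is real MINI-44 code.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in for the first 16 bytes of a virus body (not real
# MINI-44 code); a real scanner carries a database of such strings.
SIGNATURE = b"\xeb\x06MINI-44\x00\x00\x00\xcd\x21\xc3\x90"


def sig_scan(root):
    """Return names of files whose *content* holds SIGNATURE, whatever the
    extension, so a COM body planted under an EXE name is still caught."""
    return sorted(p.name for p in Path(root).rglob("*")
                  if p.is_file() and SIGNATURE in p.read_bytes())


def characterize(path):
    """The integrity checker's per-file record: size, timestamp, checksum."""
    st = path.stat()
    return {"size": st.st_size, "mtime": st.st_mtime,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest()}


def build_baseline(root):
    """The 'log' of every file on disk and its characterization."""
    root = Path(root)
    return {str(p.relative_to(root)): characterize(p)
            for p in root.rglob("*") if p.is_file()}


def integrity_check(root, baseline):
    """Re-characterize every file and report what differs from the baseline."""
    current = build_baseline(root)
    return {
        "changed": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "new": sorted(f for f in current if f not in baseline),
        "missing": sorted(f for f in baseline if f not in current),
    }


def demo():
    """Constructed scenario: two clean COM hosts, then one gets the virus
    body appended and a copy of the infected file is planted as an EXE."""
    root = Path(tempfile.mkdtemp())
    (root / "HELLO.COM").write_bytes(b"\xb4\x09\xcd\x21\xc3")
    (root / "EDIT.COM").write_bytes(b"\xb4\x4c\xcd\x21")
    baseline = build_baseline(root)          # snapshot before infection
    infected = (root / "HELLO.COM").read_bytes() + SIGNATURE
    (root / "HELLO.COM").write_bytes(infected)
    (root / "PLANT.EXE").write_bytes(infected)
    return sig_scan(root), integrity_check(root, baseline)
```

Note that the scanner flags PLANT.EXE although it has never run, while the integrity checker only reports it as a new file; that is exactly the trade-off the two sections describe.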

Now you know how an anti-virus works and what techniques it uses to detect viruses. In our upcoming blogs we will discuss how you can create a stealthy virus.

Keep coming back for more!!

Follow me for more informative blogs. Happy Hacking.


FreakyDodo

Hey Hackers!! I am Harshit Dodia aka Freaky Dodo. I am a student of Information Technology and Ethical Hacking.