VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Stripping down an AV engine

Igor Muttik
Virus Bulletin Conference
September 2000

PDFDownload PDF (44.75Kb) (You need to be registered on forum)
[Back to index] [Comments]


The complexity of anti-virus software has grown enormously over the last five years. The methods used to detect viruses have evolved from dumb-grunt scanning of the whole file from top to bottom for a specific search string to very intelligent methods based on a combination of heuristic and specific detection methods. This paper discusses this evolution in detail: from old-fashioned methods to the most complex contemporary ones. When speaking to the people not directly involved in the AV business I found it rather amusing that they are usually surprised to find that these days we do not use scan strings as such any more. In fact, we do, but not frequently, because for contemporary malware better methods can be used. What are they?

[Read the article]

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka