Blogger Tricks

13 May 2012

Methods to Avoid Detection of Virus

• Same “last Modified” Date.
• Overwriting Unused areas of the .exe files.
• Killing tasks of Antivirus Software
• Avoiding Bait files & other undesirable hosts
• Making a stealth virus
• Self Modification on each Infection
• Encryption with variable key.
• Polymorphic code


Same “last Modified” Date

• In order to avoid detection by users, some viruses employ different kinds of deception.
• Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus.
• This approach sometimes fools anti-virus software.



Killing Antivirus Tasks

• Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.


Avoiding Bait files

• Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus.
• Many anti-virus programs perform an integrity check of their own code.
• Infecting such programs will therefore increase the likelihood that the virus is detected.
• Anti-virus professionals can use bait files to take a sample of a virus.
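The two sections above describe, from the attacker's side, timestamp-preserving infection and, from the defender's side, bait (goat) files. The following is an added example, not code from the original post: it creates a few bait files in a temporary directory, records a SHA-256 hash of each, and later reports any file whose content changed even though its "last modified" time was restored. All file names and contents are constructed for the demonstration; the `simulate_timestamp_preserving_change` helper only appends plain text to stand in for "content changed, timestamp did not".

```python
"""Bait-file integrity check that does not trust the 'last modified' timestamp.

Added example (not code from the original post). Builds a few bait files,
records a content hash for each, and later reports any file whose content
changed, even if its mtime was restored to the original value.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Return the hex SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_bait_files(directory, names):
    """Create bait files with fixed, recognisable content and return a
    baseline mapping path -> (sha256, mtime)."""
    baseline = {}
    for name in names:
        path = os.path.join(directory, name)
        with open(path, "wb") as f:
            # Constructed placeholder content; real goat files mimic a host format.
            f.write(b"BAIT-FILE " + name.encode() + b"\n" + b"\x90" * 256)
        st = os.stat(path)
        baseline[path] = (sha256_of(path), st.st_mtime)
    return baseline


def check_bait_files(baseline):
    """Compare each bait file against the baseline.

    Returns a dict path -> {"hash_changed": bool, "mtime_changed": bool}.
    A file whose hash changed while its mtime did not is exactly the
    'same last modified date' trick; only the hash comparison catches it.
    """
    report = {}
    for path, (old_hash, old_mtime) in baseline.items():
        st = os.stat(path)
        report[path] = {
            "hash_changed": sha256_of(path) != old_hash,
            "mtime_changed": st.st_mtime != old_mtime,
        }
    return report


def simulate_timestamp_preserving_change(path):
    """Append plain text to a file, then restore its original timestamps.

    This only stands in for 'content changed but the timestamp did not';
    nothing executable is written.
    """
    st = os.stat(path)
    with open(path, "ab") as f:
        f.write(b"\n# appended after baseline\n")
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def demo():
    """Run the whole check in a temporary directory and return a summary."""
    with tempfile.TemporaryDirectory() as d:
        baseline = create_bait_files(d, ["goat1.com", "goat2.com", "goat3.com"])
        simulate_timestamp_preserving_change(os.path.join(d, "goat2.com"))
        report = check_bait_files(baseline)
        flagged = sorted(os.path.basename(p) for p, r in report.items() if r["hash_changed"])
        mtime_unchanged = sorted(os.path.basename(p) for p, r in report.items() if not r["mtime_changed"])
        return {"flagged": flagged, "mtime_unchanged": mtime_unchanged}


if __name__ == "__main__":
    # Expected: goat2.com is flagged although no file's mtime moved.
    print(demo())
```

The point of the demo is the report's two columns: all three files show an unchanged modification time, yet `goat2.com` is still flagged, because the comparison is on content hashes rather than on metadata the infector controls.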


Stealth Request

• Some viruses try to trick anti-virus software by intercepting its requests to the operating system.
• The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean".


Self Modifications

• Some viruses try to trick anti-virus software by modifying themselves on each infection.
• As the file signature changes with every copy, antivirus software finds it difficult to detect.


Encryption with variable key

• Some viruses use simple methods to encipher their code.
• The virus body is encrypted with a different encryption key on each infection.
• The AV cannot scan such files directly using conventional signature-based methods.
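The self-modification and variable-key encryption sections above explain why a fixed byte signature fails; what they do not show is the heuristic scanners fall back on. The following is an added example, not code from the original post: a body encrypted with a fresh key per copy has no stable signature, but ciphertext is close to uniformly random, so its Shannon entropy approaches 8 bits per byte while ordinary code and data sit well below that. The code measures entropy over fixed windows and flags the high-entropy region, which is the usual cue for sending a sample to deeper (emulation-based) analysis. The sample buffer is constructed with a seeded pseudo-random generator, and the window size and 7.0-bit threshold are illustrative assumptions, not values from any particular product.

```python
"""Entropy heuristic for spotting encrypted or packed regions in a byte blob.

Added example (not from the original post). Sample data is constructed; the
window size and threshold are illustrative assumptions.
"""
import math
import random
from collections import Counter


def shannon_entropy(data):
    """Shannon entropy in bits per byte of a byte string (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data, window=512, threshold=7.0):
    """Slide a fixed-size window over data and return (offset, entropy) for
    windows at or above the threshold. A trailing partial window is skipped so
    every measurement covers the same number of bytes."""
    hits = []
    for off in range(0, len(data) - window + 1, window):
        e = shannon_entropy(data[off:off + window])
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


def build_sample():
    """Construct a stand-in file image: low-entropy 'code-like' bytes drawn
    from a small alphabet, then a pseudo-random region mimicking a body that
    was encrypted with a per-copy key, then more low-entropy bytes.
    Seeded so the result is reproducible."""
    rng = random.Random(2012)
    alphabet = b"\x00\x8b\x45\xe8\xc3\x90\x55\x89"  # constructed filler bytes
    plain = bytes(rng.choice(alphabet) for _ in range(1024))
    cipher_like = bytes(rng.getrandbits(8) for _ in range(1024))
    return plain + cipher_like + plain


def classify(data, window=512, threshold=7.0):
    """Return whole-file entropy and the list of flagged windows."""
    return {
        "file_entropy": round(shannon_entropy(data), 2),
        "flagged": high_entropy_windows(data, window, threshold),
    }


if __name__ == "__main__":
    # Expected: only the two windows covering offsets 1024-2047 are flagged.
    print(classify(build_sample()))
```

Two caveats worth noting. Whole-file entropy is diluted by the plaintext around the encrypted region, which is why the check is windowed. And high entropy alone is not proof of malice, since legitimately compressed or packed binaries score the same way; it is a triage signal that decides which files get emulated or unpacked, not a verdict.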