Keeping the "last updated" section the same
Overwriting parts of a file so the file size is the same "cavity viruses"
Don't infect the virus check software since it often checks its own code first and the virus will be detected easily and early on
Don't infect "bait files"; be able to ID bait files
Intercept requests from the anti-virus program and send them to the virus, not the OS, then send an uninfected copy of the file
Modify code for each infection so it can't be infected
polymorphic code- re-encrypts itself differently in each file it infects so that it can't be detected by its identical parts
metamorphic code- re-write themselves entirely each time they infect something new
Not doing something really cool right away because then it will get caught and won't live long enough to infect other peoples' computers
No comments:
Post a Comment