12-27-2011، 03:43 PM
Anti-Virus Evasion Techniques and Countermeasures
Credit: www.infosecwriters.com
1. INTRODUCTION
2. ANTI-VIRUS EVASION TECHNIQUES
   2.1 USE OF BINDERS AND PACKERS
   2.2 CODE OBFUSCATION
   2.3 CODE CONVERSION FROM EXE TO CLIENT SIDE SCRIPTS
   2.4 FAKE FILE TYPE EXTENSION
3. MALICIOUS CODES IDENTIFICATION AND REMOVAL TECHNIQUES
   3.1 MANUALLY IDENTIFYING MALICIOUS CODES
   3.2 MANUALLY REMOVING VIRUSES AND WORMS
4. COUNTERMEASURES AGAINST MALICIOUS CODES
5. CONCLUSION
6. ABOUT AUTHOR
1. Introduction
The objective of this article is to demonstrate the different ways that virus and worm coders evade anti-virus products while coding malicious programs. At the same time, I shall also discuss countermeasure techniques to prevent such attacks. Before going into depth, I assume that readers of this article are well aware of the difference between worms and viruses.
It is not just an anti-virus product that can help protect corporate and end users from malicious program attacks; what is most important is general user awareness of such risks and a general sense of responsibility towards defending against such attacks.
This article will also try to educate various kinds of computer users, in the simplest way, on how to deal with viruses and worms and defend against malicious attacks in which the AV engine becomes helpless because the malicious code uses special techniques to prevent detection.
In this article I shall highlight the following:
Anti-Virus Evasion Techniques
   Use of binders and packers
   Code obfuscation
   Code conversion from EXE to client side scripts
   Fake file type extension
Malicious Codes Identification and Removal Techniques
Countermeasures against Malicious Codes
Download:
http://www.infosecwriters.com/text_resou...vasion.pdf