Monday, June 9, 2008

Simulating anti anti-virus viruses: An Idea

Most viruses today have retro abilities, but I'm talking about a virus that is specially coded to destroy anti-virus programs. It would turn off resident AV monitors and install trojans in anti-viruses (*.AVC and TBSCAN.DEF infection). It would also overwrite part of the AV programs by installing itself in them and then simulate the AV scan. There are several viruses that patched the "File system" status on TbScan's output to hide the fact that it suddenly used DOS services to read the disk. A SAAV virus would, for example, execute the graphics procedure that displays F-Prot/DOS's message "Scanning for known viruses in memory" but then just wait for some time. It would use the necessary procedure to bring up the scanning window and display filenames, and instead of checking the files it would infect them. Or, for example, it would display "Checking partition table", as the ThunderByte Partition (created by TbUtil) does, and check nothing. It could be like the real AIDS, which doesn't kill; it just destroys the immune system and clears the way for other diseases. It doesn't take much code to do so, just some small patches. The problem is how the virus finds what to patch, because AV companies would change the inner structure of the program with every new version. At this point the fact that most AV programs don't allow themselves to be encrypted or compressed (because of the CRC check) comes in really handy.
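A defensive counterpart to the idea above, as an added example that is not part of the original post: a scanner that has been patched to simulate its scans cannot be trusted to report on itself, so this check compares the scanner's program and definition files against a baseline recorded earlier and stored off the machine. The directory layout, the executable patterns and the function names are assumptions; only the *.AVC and TBSCAN.DEF patterns come from the post.

```python
import fnmatch
import hashlib
import os

# Files treated as part of the scanner. The definition-file patterns are the
# ones named in the post; the executable patterns are an added assumption.
WATCHED = ["*.avc", "tbscan.def", "*.exe", "*.com"]


def _digest(path):
    """SHA-256 of a file, read in chunks so large binaries are handled."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(av_dir, patterns=WATCHED):
    """Map relative path -> SHA-256 for every watched file under av_dir."""
    result = {}
    for root, _dirs, files in os.walk(av_dir):
        for name in files:
            # DOS-era names are case-insensitive, so match on lower case.
            if any(fnmatch.fnmatch(name.lower(), p) for p in patterns):
                full = os.path.join(root, name)
                result[os.path.relpath(full, av_dir)] = _digest(full)
    return result


def compare(baseline, current):
    """Report files modified, removed or added since the baseline was taken."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }
```

The comparison is only meaningful when the baseline is kept on read-only or offline media and the check runs from a trusted environment rather than from the installation being examined.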

Some advertisement says, "An Idea can change your life."
Regards, swarup
