generic detection !! useful information in 1 pdf file

Discussion in 'other anti-virus software' started by Jin K, Apr 17, 2009.

Thread Status:
Not open for further replies.
  1. Jin K

    Jin K Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    105
    Last edited: Apr 17, 2009
  2. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Interesting approach. But they have used legacy malware families to prove their efficiency.

    If in future there are changes in malware structure, this method may become ineffective.
    Plus the whole idea of using API call structure to create signatures can/will lead to multitudes of FPs.
    Assembly-written viruses have existed for a long time. I remember studying an ASM-based virus example in college. I am sure the same is equally possible today. I am not an AV expert, but I think many rootkits use assembly language to infiltrate without suspicion. So their approach of mapping critical Win API calls may not detect rootkits and other assembly malware.

    This is what I could assimilate at first glance. I am sure people like IC, Eraser, etc. would be able to comment on this paper much better than me.