Parsi Coders
Anti-Virus Evasion Techniques and Countermeasures - Printable version




Anti-Virus Evasion Techniques and Countermeasures - Amin_Mansouri - 12-27-2011


Anti-Virus Evasion Techniques and Countermeasures
Credit: www.infosecwriters.com





1. Introduction
2. Anti-Virus Evasion Techniques
   2.1 Use of Binders and Packers
   2.2 Code Obfuscation
   2.3 Code Conversion from EXE to Client Side Scripts
   2.4 Fake File Type Extension
3. Malicious Codes Identification and Removal Techniques
   3.1 Manually Identifying Malicious Codes
   3.2 Manually Removing Viruses and Worms
4. Countermeasures Against Malicious Codes
5. Conclusion
6. About Author


1. Introduction
The objective of this article is to demonstrate the different ways that virus
and worm coders use to evade Anti-Virus products while writing malicious
programs; at the same time I shall also discuss the countermeasure
techniques that prevent such attacks. Before I go into depth, I
assume that the readers of this article are well aware of the difference between
worms and viruses.
It is not just an anti-virus product that can help protect corporations and end users
from malicious program attacks; what matters most is
general user awareness of such risks and a general sense of responsibility for
defending against such attacks.
This article will also try to educate the various kinds of computer users, in the simplest way,
in how to deal with viruses and worms and defend against malicious attacks in cases where
the AV engine becomes helpless because the malicious code uses special techniques
to avoid detection.
In this article I shall highlight the following:
- Anti-Virus Evasion Techniques
  - Use of binders and packers
  - Code obfuscation
  - Code conversion from EXE to client side scripts
  - Fake file type extension
- Malicious Codes Identification and Removal Techniques
- Countermeasures against Malicious Codes

Download:
http://www.infosecwriters.com/text_resources/pdf/AV_Evasion.pdf