Emulation of virus-like behavior?

I am looking for a way to emulate virus-like behavior to test exceptions in antivirus software. Can someone recommend some behavior that I can put together in a quick script that will invoke a typical real-time antivirus scanner?

+3
4 answers

Most antivirus programs work with a signature database rather than with heuristic detection, so most of them will not notice anything unless you write a program with the same signature as it.

If you have a heuristic-based detection program, just try some obvious virus behavior, for example, changing settings that control how programs start when they start, checking processes for common names of antivirus programs, etc. You can find documentation for your specific program and find out which heuristic it uses to try to detect viruses based on behavior. It will be quite difficult to find most of the use by simply letting go of "blind behavior" similar to this behavior.

+4

Are you looking for something like an EICAR test file?

, , , LowLevelKeyboardProc() SetWindowsHookEx(). , .

+7
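An added example, not part of the original thread: a script that uses the EICAR test file from the answer above to check whether a directory is covered by an antivirus exclusion. The function name `probe`, the file name `av-probe.com` and the five-second wait are assumptions chosen for illustration.

```python
import os
import sys
import tempfile
import time

# The 68-byte EICAR standard antivirus test string. It is kept in two pieces
# so that this script is not itself flagged before it gets a chance to run.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" +
         rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def probe(directory, payload=EICAR, wait=5.0, name="av-probe.com"):
    """Write payload into directory and report what happened to it.

    "blocked": the write or the later read was denied (on-access scan fired)
    "removed": the file vanished or its content changed (quarantined/cleaned)
    "intact":  the file is unchanged (directory excluded, or nothing scanned it)
    """
    if not os.path.isdir(directory):
        raise NotADirectoryError(directory)
    path = os.path.join(directory, name)
    try:
        with open(path, "wb") as fh:
            fh.write(payload)
    except OSError:
        return "blocked"
    time.sleep(wait)  # give the real-time scanner time to react
    try:
        # Opening for read is a second on-access trigger for many scanners.
        with open(path, "rb") as fh:
            data = fh.read()
    except FileNotFoundError:
        return "removed"
    except OSError:
        return "blocked"
    finally:
        try:
            os.remove(path)  # clean up if the scanner left the file behind
        except OSError:
            pass
    return "intact" if data == payload else "removed"


if __name__ == "__main__":
    # Pass an excluded and a non-excluded directory to compare the verdicts.
    for target in sys.argv[1:] or [tempfile.gettempdir()]:
        print(f"{target}: {probe(target)}")
```

An exclusion is working when the excluded directory reports `intact` while a normally scanned directory reports `blocked` or `removed`; `intact` everywhere means the real-time scanner is not reacting at all.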

2000 ILOVEYOU ( ), VBScript, Outlook. Outlook , , .

+1

, , , , .

http://www.securityfocus.com/infocus/1557

You can also take a look at SARC (Symantec Antivirus Research Center). If you look at some of the latest threats, technical details and removal instructions will tell you what they do when a system is infected.

Here is an example:

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-050707-0639-99

+1

Source: https://habr.com/ru/post/1707907/