Focus on Virus
Re: generic detection (A few links) Jul 08 2005 12:19PM
Olaf Reitmaier Veracierta (olafrv gmail com)
All viruses have numerous modified versions; malicious people modify
them to avoid their extinction
(http://www.symantec.com/avcenter/reference/striker.pdf).

Symantec uses a heuristic engine
(http://www.symantec.com/press/2002/n020320.html) to find virus
occurrences. This process consists of comparing "signs"; each different
virus has a different "digital sign" which identifies it in an almost
unique way.

To improve the new virus detection process, these signs are grouped
into a high-level sign type, commonly called a virus family heuristic
sign: the generic ones you refer to. With these signs Symantec can
detect viruses which have suffered slight variations in their specific signs.
This process is like validating your personal sign against others that
seem to be yours.

You have to try to investigate the specific virus (sign) name,
starting from the virus family (sign) name; although names are not
equal to signs, they represent the human-readable form of signs.

2005/7/7, Hussain Salim <bo_ali90 (at) hotmail (dot) com [email concealed]>:
> hi,
> I want to know something about generic detection. For example, Symantec detects
> some viruses and trojans as trojan.horse or backdoor.trojan. Why? Why don't
> they detect them with a special name, to know more information about them to
> fix what they do? And thx.
>
> I'm asking this question because I got many trojan.horse and backdoor.trojan
> and there are no technical details for them to know more information to fix
> what they do in my computer :( .

--
"You don't know where your shadow will fall." Somebody.

-----------------------------------------------------------------------
Olaf Reitmaier Veracierta < olafrv (at) gmail (dot) com [email concealed]>
Pasante Ing. de Computación
Telefónica, Movistar.
-----------------------------------------------------------------------
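
An illustration of the specific-versus-family matching described in the reply above, as an added example that is not part of the original post and not Symantec's engine. The sample bytes, the wildcard pattern and the detection names are all constructed for the illustration.

```python
import hashlib
import re
from typing import Optional, Tuple

# Constructed, inert byte strings standing in for file contents (not real malware).
KNOWN_VARIANT_A = b"HDR\x01\x02LOADER-v1\x90\x90PAYLOAD-AAAA"  # analysed sample
NEW_VARIANT = b"HDR\x07\x09LOADER-v3\x90\x90PAYLOAD-ZZZZ"      # modified, never analysed
CLEAN_FILE = b"HDR\x00\x00hello world"

# Specific signatures: an exact fingerprint of one analysed sample maps to a
# specific name, which is the kind of name that comes with a technical write-up.
SPECIFIC = {
    hashlib.sha256(KNOWN_VARIANT_A).hexdigest(): "Example.Family.A",  # hypothetical name
}

# Family (generic) signature: only the bytes the variants share are fixed,
# the parts that change between variants are wildcards.
GENERIC = [
    ("Example.Family (generic)",  # hypothetical name
     re.compile(rb"HDR..LOADER-v\d\x90\x90PAYLOAD-", re.DOTALL)),
]


def scan(data: bytes) -> Optional[Tuple[str, str]]:
    """Return (match_kind, detection_name), or None when nothing matches."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SPECIFIC:
        # Exact match: the scanner knows precisely which variant this is.
        return ("specific", SPECIFIC[digest])
    for name, pattern in GENERIC:
        if pattern.search(data):
            # Only the family traits matched: the variant itself is unknown,
            # so all the scanner can report is the generic family name.
            return ("generic", name)
    return None


if __name__ == "__main__":
    for label, sample in [("known variant", KNOWN_VARIANT_A),
                          ("new variant", NEW_VARIANT),
                          ("clean file", CLEAN_FILE)]:
        print(f"{label:14} -> {scan(sample)}")
```

The modified variant changes every byte-exact fingerprint, so it is caught only by the family pattern and reported under the generic name, with no variant-specific description to look up.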


Copyright 2010, SecurityFocus