EvilZone

Hacking and Security => Hacking and Security => : badass87 June 08, 2014, 05:48:01 PM

: How do viruses and other malware stay hidden from antivirus?
: badass87 June 08, 2014, 05:48:01 PM
Please give me a detailed answer.  I'm not trying to write any malware (even if I wanted to, I never would as I clearly don't understand it fully), I'm just interested in computer security and I don't get how stuff hides from the antivirus on a technical level.  Everywhere I look for an explanation, it never actually explains the technical stuff, and it always just says something like "it hides from the antivirus".  Could anyone here explain some typical techniques used by malware to hide from antivirus software?  Looking for stuff like working with memory in a way that it goes undetected or installing to a certain location in the filesystem (those probably aren't actual methods, but just as examples of the technical description I'm looking for).  Also, how does malware sometimes kill antivirus software?

Thanks for your time.
: Re: How do viruses and other malware stay hidden from antivirus?
: parad0x June 08, 2014, 06:59:20 PM
Go and write an intro first, we have an intro board also.
: Re: How do viruses and other malware stay hidden from antivirus?
: Architect June 08, 2014, 07:05:02 PM
Smoke and mirrors aka obfuscation.
Also search up (on Google or here) self-hiding malware. You'll find your answer.
: Re: How do viruses and other malware stay hidden from antivirus?
: Deque June 08, 2014, 08:19:58 PM
Read my ebook: https://evilzone.org/tutorials/%28ebook%29-handbook-about-crypters-and-binders/
: Re: How do viruses and other malware stay hidden from antivirus?
: Corrupted_Fear June 08, 2014, 08:54:48 PM
Short answer: it looks for patterns and commonly known code that are in programs. For example, things that are produced by MSF have a similar code structure. The AV knows this, and catches programs that it sees have that code structure.

Long answer: if you really want to know how it works, get something you know is infected, and clean it and scrub it until you find the code that the AV detects, change it around so that it still works but looks different, and by then you will fully understand the general principles.
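As an added example (not code from any poster in the thread), here is a minimal signature scanner of the kind Corrupted_Fear describes: hex byte patterns, with `??` as a wildcard so one signature covers a family of programs that share code structure but differ in a few bytes. The signatures and the sample buffers are constructed for illustration and represent no real malware.

```python
# Added example: a tiny pattern scanner in the style antivirus engines use.
# Signatures are hex strings where "??" matches any byte, so a structural
# signature still fires when addresses or constants change between builds.

def parse_signature(hex_pattern: str) -> list:
    """Turn 'E8 ?? ?? ?? ?? 5D' into a list of ints, with None as wildcard."""
    return [None if tok == "??" else int(tok, 16) for tok in hex_pattern.split()]

def find_signature(data: bytes, sig: list) -> int:
    """Return the offset of the first match, or -1 if the pattern is absent."""
    n = len(sig)
    for i in range(len(data) - n + 1):
        if all(s is None or data[i + k] == s for k, s in enumerate(sig)):
            return i
    return -1

SIGNATURES = {
    # constructed: a fictional stub family that starts with "call rel32; pop ebp"
    "constructed-stub-family": "E8 ?? ?? ?? ?? 5D",
    # constructed: an exact-bytes signature that only knows one specific build
    "constructed-stub-build-1": "E8 10 00 00 00 5D",
}

def scan(data: bytes) -> dict:
    """Scan a buffer against all signatures; returns {name: offset} for hits."""
    hits = {}
    for name, pattern in SIGNATURES.items():
        offset = find_signature(data, parse_signature(pattern))
        if offset >= 0:
            hits[name] = offset
    return hits

# Constructed sample buffers (not real malware): two builds of the same stub,
# differing only in the call displacement, plus an unrelated clean buffer.
BUILD_1 = b"\x90\x90" + bytes.fromhex("E8 10 00 00 00 5D") + b"\xc3"
BUILD_2 = b"\x90\x90" + bytes.fromhex("E8 20 00 00 00 5D") + b"\xc3"
CLEAN = b"\x55\x89\xe5\x31\xc0\xc3"

if __name__ == "__main__":
    for label, buf in (("build 1", BUILD_1), ("build 2", BUILD_2), ("clean", CLEAN)):
        print(label, scan(buf))
```

The exact-bytes signature only detects build 1, while the wildcard signature catches both builds, which is why engines prefer signatures on the shared code structure over raw byte strings.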