Virus Concealment
|
Virus concealment, or how the method through which a virus hides from
anti-viruses and users, typically takes the form of what is called
encryption. One type of encryption is
XOR encryption.
XOR encryption takes a specified code offset, and loads each sequential byte
into the AL register, where an XOR operation is performed on it, then the new
byte is copied over the old. This is done until the amount of bytes specified by
the beginning offset minus the ending offset are encrypted.
Other Concealment types alter the DOS interrupts so that the file size is
reported to be normal, but is actually not.
Also, some viruses load themselves into certain parts of memory so that it can
survive reboots.
|