Just another brief question...
As i'm writing down some definitions i'd like to know which is the preferred way to do that. I mean looking for an author signature ( e.g. "Made by xxx") is a very quick and failproof way of detection. But this really leaves the door open to the first "idiot" replacing "xxx with yyy", expecially for vb scripts.
On the other hand definitions based on pieces of code are still effective against simple revisions of the virus/worm but more prone to false positive.
Another solution would be using different parts of code inside a regex, which is cleaner but slower.
So... what are your suggestions?
Thanks again.
aCaB ha scritto:
Maybe OT, sorry but i'm new to this list.
I've got 55 virii (mostly vbs and Win32 exe's) still not detected. Is there a way to submit them or maybe some info on how to generate patterns to be added to the definition files?
I can do some reversing under win32 to avoid getting tricked by polymorphc/encripting virii.
Thanks
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
