Hi Tom,
Tom Wasson to Paul Walker, 30 Dec 97 03:26.
TW> Please elaborate. By stealth viruses, are you referring to those
TW> that don't reside in the program file?
No, although those can also use stealth - but as they're not in the program
file, you're not going to catch them with a CRC anyway. But I wander.. ;)
Stealth means that the virus takes steps to hide itself from anything that
happens to look - in executables, for example, it removes all traces of
itself from the file before handing over control, and re-infects after the
program has finished. Boot-sector viruses will present the original sector
rather than the modified one if asked for it, and so on. They can be quite
complex at doing this.
These can only be resident viruses, of course. ;)
Paul (p.r.walker@warwick.ac.uk)
... "Bother," said Pooh as he started to install Windows.
--- FMail/386 1.22
---------------
* Origin: Do your homework in the dark. (2:254/60.11)
|