Page 1465 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1465

own code as they travel from system to system. The virus’s
               propagation and destruction techniques remain the same, but the

               signature of the virus is somewhat different each time it infects a new
               system. It is the hope of polymorphic virus creators that this
               constantly changing signature will render signature-based antivirus
               packages useless. However, antivirus vendors have “cracked the code”
               of many polymorphism techniques, so current versions of antivirus
               software are able to detect known polymorphic viruses. However, it
               tends to take vendors longer to generate the necessary signature files

               to stop a polymorphic virus in its tracks, which means the virus can
               run free on the internet for a longer time.

               Encrypted Viruses Encrypted viruses use cryptographic
               techniques, such as those described in Chapter 6, to avoid detection.
               In their outward appearance, they are actually quite similar to
               polymorphic viruses—each infected system has a virus with a different
               signature. However, they do not generate these modified signatures by

               changing their code; instead, they alter the way they are stored on the
               disk. Encrypted viruses use a very short segment of code, known as the
               virus decryption routine, which contains the cryptographic
               information necessary to load and decrypt the main virus code stored
               elsewhere on the disk. Each infection utilizes a different cryptographic

               key, causing the main code to appear completely different on each
               system. However, the virus decryption routines often contain telltale
               signatures that render them vulnerable to updated antivirus software
               packages.


               Hoaxes

               No discussion of viruses is complete without mentioning the nuisance
               and wasted resources caused by virus hoaxes. Almost every email user
               has, at one time or another, received a message forwarded by a friend

               or relative that warns of the latest virus threat roaming the internet.
               Invariably, this purported “virus” is the most destructive virus ever
               unleashed, and no antivirus package is able to detect and/or eradicate
               it. One famous example of such a hoax is the Good Times virus
               warning that first surfaced on the internet in 1994 and still circulates
               today.
   1460   1461   1462   1463   1464   1465   1466   1467   1468   1469   1470