The Win32 worms: classification and possibility of heuristic detection

Taras Malivanchuk Computer Associates

The Win32 platform executable worms have been the most widely distributed malware for a long time. The presence of heuristic detection may decrease the risk of new worms. Heuristic detection is possible if a new worm is more or less a re-development of an existing one, using at least the same method of replication.

For heuristic detection, we need to know the file structure and viral features that the worm uses.

The worms are classified by compiler type (lowlevel, MS C, Borland C, Delphi, Visual Basic) and by their method of replication (SMTP, MAPI, OLE, network shares, IRC, ICQ , secutity holes etc. ). For each type, the methods of replication and the possibility of heuristic detection are analysed.

 del.icio.us  digg this! digg this

Quick Links

Poll
The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Yes
No
I don't know
Leave a comment
View 11 comments

99 Subscription Promo

VB2012
VB2012 VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,242 registered users.