How can i determine whether a program code is malicious?
(I read somewhere that security researchers couldn't find anything malicious about the Router 'malware' called ifwatch)
How do they determine whether a code is malicious or not?
is there specific methods to look for that seem to have malicious intents?
halp?
4 Responses
Now a days, there is so much technology to camouflage viruses that you have to know a lot about programs in order to decode them and determine whether there is a backdoor connection.
However, there are ways that you can make an educated decision to download and run a certain program and there are ways to protect yourself from malicious files.
Here's an article I found with a google search about the topic.
If you want some in-depth informations, look for how an antivirus is working.
Basically, an antivirus will compare the signature of the 'program to analyze' with all the known malware signatures.
So it mean that they wont be able to identify a new malware immediately, but after a 'certain' number of infections.
To compensate, they also identify a type of known modifications inside a program, this is why it's a 'bad' habit to test the solidity of a just-created malware with an online antivirus, or connected antivirus on your pc.
Thank you! This should help new users.
Yea this is the basic knowledge, in the case of Ifwatch, the admins could have knew something if they could notice the changes.
It mean that they should have monitored the logs and created the good alerts in order to stay tuned to the critics changes of the system.
But if they have did that, they would have also uninstall telnet i guess.
Share Your Thoughts