The Win32 worms: classification and possibility of heuristic detection

Taras Malivanchuk Computer Associates

The Win32 platform executable worms have been the most widely distributed malware for a long time. The presence of heuristic detection may decrease the risk of new worms. Heuristic detection is possible if a new worm is more or less a re-development of an existing one, using at least the same method of replication.

For heuristic detection, we need to know the file structure and viral features that the worm uses.

The worms are classified by compiler type (lowlevel, MS C, Borland C, Delphi, Visual Basic) and by their method of replication (SMTP, MAPI, OLE, network shares, IRC, ICQ , secutity holes etc. ). For each type, the methods of replication and the possibility of heuristic detection are analysed.



twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.