{"id":1310,"date":"2015-08-18T08:52:42","date_gmt":"2015-08-18T00:52:42","guid":{"rendered":"http:\/\/staging.bankvaultonline.com\/?p=1310"},"modified":"2015-08-18T08:52:42","modified_gmt":"2015-08-18T00:52:42","slug":"how-viruses-hide-self-modification","status":"publish","type":"post","link":"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/","title":{"rendered":"How Viruses Hide: Self-Modification"},"content":{"rendered":"<p>Viruses, like Woody Allen in \u2018Zelig\u2019 have the ability to change their identity and look and feel. One method of doing this is called <strong>\u2018Self-Modification.\u2019<\/strong><\/p>\n<p>Understanding self-modification requires understanding the dominant way anti-virus software identifies evil code. The process is called scanning for virus signatures. This is less sophisticated than the term implies. Anti-virus software scans files on your computer, takes samples of code in files and compares them to a database of known virus snippets. It\u2019s not unlike taking a section of one\u2019s DNA and comparing it to the same section of the same DNA. You would see a perfect match.<\/p>\n<p>That&#8217;s how it works in theory but in the world of anti-virus software this is not failsafe. To do it with 100% accuracy the anti-virus software would have to compare the entire virus code base against the entire code base of the computer it\u2019s trying to protect. This would be physically impossible. It would shut down the machine. Instead antivirus companies use snippets of viruses \u2013 more like search strings.<\/p>\n<p><strong>Here\u2019s where self-modification enters the picture. <\/strong> Some classes of viruses hide themselves by tracking the code snippets used to identify them and altering them every time the virus is injected into a new machine. In effect they change their signature so that it is unique on every infected machine. The anti-virus program is none the wiser. It doesn\u2019t get any positive matches and therefore believes no virus is present.<\/p>\n<p><strong>Next up: Virus Self-Encryption<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Viruses, like Woody Allen in \u2018Zelig\u2019 have the ability to change their identity and look and feel. One method of doing this is called \u2018Self-Modification.\u2019 Understanding self-modification requires understanding the dominant way anti-virus software identifies evil code. The process is called scanning for virus signatures. This is less sophisticated than the term implies. Anti-virus software [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[356],"tags":[23,95,99,443],"class_list":["post-1310","post","type-post","status-publish","format-standard","hentry","category-explainers","tag-cyber-security","tag-how-viruses-hide","tag-self-modification","tag-virus-signature-scanning"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Viruses Hide: Self-Modification - BankVault<\/title>\n<meta name=\"description\" content=\"Wonder how viruses fail to be detected by anti-virus software? One of the ways is through self-modification. Read this to find out how it works!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Viruses Hide: Self-Modification - BankVault\" \/>\n<meta property=\"og:description\" content=\"Wonder how viruses fail to be detected by anti-virus software? One of the ways is through self-modification. Read this to find out how it works!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/\" \/>\n<meta property=\"og:site_name\" content=\"BankVault\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/BankVaultOnline\/\" \/>\n<meta property=\"article:published_time\" content=\"2015-08-18T00:52:42+00:00\" \/>\n<meta name=\"author\" content=\"BankVault\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:site\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"BankVault\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Viruses Hide: Self-Modification - BankVault","description":"Wonder how viruses fail to be detected by anti-virus software? One of the ways is through self-modification. Read this to find out how it works!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/","og_locale":"en_US","og_type":"article","og_title":"How Viruses Hide: Self-Modification - BankVault","og_description":"Wonder how viruses fail to be detected by anti-virus software? One of the ways is through self-modification. Read this to find out how it works!","og_url":"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/","og_site_name":"BankVault","article_publisher":"https:\/\/www.facebook.com\/BankVaultOnline\/","article_published_time":"2015-08-18T00:52:42+00:00","author":"BankVault","twitter_card":"summary_large_image","twitter_creator":"@bankvaultonline","twitter_site":"@bankvaultonline","twitter_misc":{"Written by":"BankVault","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/#article","isPartOf":{"@id":"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/"},"author":{"name":"BankVault","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639"},"headline":"How Viruses Hide: Self-Modification","datePublished":"2015-08-18T00:52:42+00:00","dateModified":"2015-08-18T00:52:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/"},"wordCount":253,"commentCount":0,"publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"keywords":["cyber security","how viruses hide","self-modification","virus signature scanning"],"articleSection":["Explainers"],"inLanguage":"en-AU","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/","url":"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/","name":"How Viruses Hide: Self-Modification - BankVault","isPartOf":{"@id":"https:\/\/www.bankvault.com\/#website"},"datePublished":"2015-08-18T00:52:42+00:00","dateModified":"2015-08-18T00:52:42+00:00","description":"Wonder how viruses fail to be detected by anti-virus software? One of the ways is through self-modification. Read this to find out how it works!","breadcrumb":{"@id":"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.bankvault.com\/how-viruses-hide-self-modification\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.bankvault.com\/"},{"@type":"ListItem","position":2,"name":"How Viruses Hide: Self-Modification"}]},{"@type":"WebSite","@id":"https:\/\/www.bankvault.com\/#website","url":"https:\/\/www.bankvault.com\/","name":"BankVault","description":"cybersecurity","publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bankvault.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-AU"},{"@type":"Organization","@id":"https:\/\/www.bankvault.com\/#organization","name":"BankVault","url":"https:\/\/www.bankvault.com\/","logo":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","contentUrl":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","width":1212,"height":275,"caption":"BankVault"},"image":{"@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/BankVaultOnline\/","https:\/\/x.com\/bankvaultonline"]},{"@type":"Person","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639","name":"BankVault","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","caption":"BankVault"},"url":"https:\/\/www.bankvault.com\/author\/bankvault\/"}]}},"_links":{"self":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/1310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/comments?post=1310"}],"version-history":[{"count":0,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/1310\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/media?parent=1310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/categories?post=1310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/tags?post=1310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}