Sandbox II : Worms and Viruses

Last year I presented how a simulated computer, which is integrated inside the scanner engine, can detect viruses based on actual performance. I demonstrated regular file replication for regular Win32 PE infectors. However, regular file replicating viruses do not pose the biggest threat – worms and viruses spreading through the Internet do. I will demonstrate how detection of these critters can be applied to the simulated computer, how these simulated computers can ‘network’ inside a single scanner engine, opening shares and communicate with a simulated SMTP server, how we deal with run-time libraries, e.g. Visual Basic DLLs, what is possible to simulate and what is not.

Click Here to download this article

Share this article

Receive all the latest articles by email!

Get all articles delivered directly to your mailbox as and when they are released on WindowSecurity.com! Choose between receiving instant updates with the Real-Time Article Update, or a monthly summary with the Monthly Article Update.



Receive all the latest articles by email!

Receive Real-Time & Monthly WindowSecurity.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowSecurity.com member!

Discuss your security issues with thousands of other network security experts. Click here to join!

Community Area

Log in | Register

Solution Center

Readers' Choice

Which is your preferred Authentication solution?