Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Heuristic analysis

Heuristic analysis is a solution to the problem of differentiating 3080>virus infiltration from a clean code. It is done by means of an inductive process using inbuilt previous experiences and anti-virus expert knowledge. The program analyses the instructions contained in the code of the object being followed simulates their effects and on the basis of their response it judges the possible closeness to a response typical for viruses. It evaluates the found facts and, if it decides to identify the file as infected, it will prepare a simple characteristic of the attacking file. The characteristic uses the following words to describe a virus:

STEALTH – it uses 3077>Stealth technologies
POLY – it is polymorphic
CRYPT – it is encrypted
TUNELL – it tries to find out the original interrupts entrance by means of tunnelling
TSR – it is memory resident
COM – it attacks COM files
EXE – it attacks EXE files
SYS – it attacks SYS files
WINDOWS – it attacks specifically files designed for Windows
WIN95 – it attacks files executable in v PE format
COMPANION – it uses the satellite technique of infection
DRIVER – it is installed to memory as a system controller
BOOT – it attacks Boot sector, occasionally also MBR
MACRO – the file contains macros that are typical for viruses

Specific words are in the characteristic are separated by a full stop.

© 1992-2004 ESET s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.