Is there antivirus software that detects malware files via database files?

Is malware that contains database files easier to detect than other types of malware? Threats expert Nick Lewis explains.

I have heard that some viruses have their own database files, by which an antivirus program can detect and quarantine them. Is it true? Why would a virus have a database file or dispatch files within it?

Viruses and other malware generally bundle several different types of files to support their malicious operations. Almost all malware has some executable code used to infect the machine, plus supporting files such as libraries. Some malware carries additional executable components, such as a rootkit, to fully take over the machine. There is also malware that includes database files of IP addresses, domain names, URLs or other details needed to reach its command-and-control infrastructure, though more advanced bots now generate domain names or URLs algorithmically (a domain generation algorithm) so that a static list is never present to be detected or blocked. Malware may also keep a database of checksums for its own files, so that it only loads components it shipped with and cannot be hijacked by rival malware. It may even contain the encryption keys used to secure its communications.

Antimalware and antivirus programs can detect a large number of different types of malicious files and activity.

Traditional antimalware software detects malware files based on antimalware definitions (essentially signatures: file hashes and characteristic byte patterns) to identify malicious or infected files and then quarantine them. A database file that malware ships, such as a list of command-and-control addresses or a checksum manifest, is a static artifact with stable content, so vendors can write signatures against it just as they do against the executable; in that sense, bundling such files gives antimalware software more to detect. The caveat is that malware authors know this and often encrypt or pack the database file, which is why engines apply simple unpacking passes before matching. Many antimalware programs now also use behavioral mechanisms to augment signature-based detection.
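As an added example (not part of Nick Lewis's answer and not code from any real antimalware product), the following Python script shows what signature-based detection of a bundled database file looks like in practice, and why obfuscating that file matters. It goes slightly beyond the answer by adding the brute-force single-byte XOR pass that engines commonly run before matching. The bundle contents, the command-and-control hostnames (in the reserved example.com/example.net and TEST-NET-2 ranges), the signature names and the XOR key are all constructed for the demonstration.

```python
"""Toy signature scanner: detect a malware bundle by the database file it ships.

Added example. The bundle, the signatures and the C2 endpoints are all
constructed for this demonstration; none of this is a real sample.
"""
import hashlib
import re

# --- Constructed "malware bundle": filename -> file contents ---------------
# A fake SQLite-style database of C2 endpoints (constructed, not real).
C2_DB = (
    b"SQLite format 3\x00"
    + b"c2-alpha.example.com,443\n"
    + b"c2-bravo.example.net,8443\n"
    + b"198.51.100.23,80\n"            # TEST-NET-2 address (documentation range)
)


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the trivial obfuscation malware often applies to config files."""
    return bytes(b ^ key for b in data)


SAMPLE_BUNDLE = {
    "dropper.exe": b"MZ\x90\x00" + b"\x00" * 60 + b"constructed-dropper-stub",
    "c2.db": C2_DB,                       # plaintext database file
    "c2.bin": xor_bytes(C2_DB, 0x5A),     # same database, XOR-obfuscated (assumed key)
    "readme.txt": b"harmless text file",
}

# --- Signature database (what an antimalware definition file boils down to) --
# Hash signatures: exact match on a known-bad file. Computed here from the
# constructed dropper; a vendor would ship the precomputed digest.
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLE_BUNDLE["dropper.exe"]).hexdigest(): "Trojan.Constructed.Dropper",
}

# Content signatures: byte patterns characteristic of the C2 database, i.e.
# the database header followed somewhere by a C2 hostname and port.
CONTENT_SIGNATURES = [
    ("Config.Constructed.C2List",
     re.compile(rb"SQLite format 3\x00.*?c2-[a-z]+\.example\.(?:com|net),\d+", re.S)),
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def match_content(data: bytes) -> list:
    """Return the names of content signatures that match the data as-is."""
    return [name for name, pat in CONTENT_SIGNATURES if pat.search(data)]


def match_deobfuscated(data: bytes) -> list:
    """Try every single-byte XOR key (a cheap unpacking pass engines run before
    matching) and return (signature, key) pairs that match after decoding."""
    hits = []
    for key in range(1, 256):
        for name in match_content(xor_bytes(data, key)):
            hits.append((name, key))
    return hits


def scan_bundle(bundle: dict) -> dict:
    """Scan every file; return filename -> list of detection reasons (empty = clean)."""
    verdicts = {}
    for fname, data in bundle.items():
        reasons = []
        digest = sha256_hex(data)
        if digest in HASH_SIGNATURES:
            reasons.append(f"hash:{HASH_SIGNATURES[digest]}")
        reasons += [f"content:{name}" for name in match_content(data)]
        reasons += [f"xor{key:02x}:{name}" for name, key in match_deobfuscated(data)]
        verdicts[fname] = reasons
    return verdicts


if __name__ == "__main__":
    for fname, reasons in scan_bundle(SAMPLE_BUNDLE).items():
        verdict = "QUARANTINE " + ", ".join(reasons) if reasons else "clean"
        print(f"{fname:12s} {verdict}")
```

The plaintext c2.db is caught by the content signature alone, the XOR-obfuscated copy is missed by it and only recovered by the brute-force decoding pass, and the dropper is caught by its hash. This is the practical shape of the answer: the database file is a detection opportunity, but only as long as the engine can see its real contents.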

This was first published in July 2010
