Ask the Expert

Is there antivirus software that detects malware files via database files?

I have heard that some viruses have their own database files from which an antivirus program can detect and quarantine them. Is it true? Why would a virus have a database file or dispatch files within it?


Viruses or malware generally ship with many different types of files that support their malicious operations. Almost all viruses have some sort of executable code used for infecting the machine, as well as associated supporting files like libraries. Some malware also contains other executable code, like a rootkit, to fully take over a machine. There is also malware that includes database files of IP addresses, domain names, URLs or other means of connecting to its management infrastructure, though more advanced bots now auto-generate URLs or domain names to avoid detection. Malware could also use a database of checksums and files in its operation to ensure that only legitimate files are used in the malicious operations, as protection from rival malware. The malware may even contain encryption keys used to secure its communications.

Antimalware and antivirus programs can detect a large number of different types of malicious files and activity. Traditional antimalware software detects malware files based on antimalware definitions, which are essentially signatures, to identify malicious or infected files and then quarantine them. The fact that malware includes database files makes it easily detectable by antimalware software. Many antimalware programs now also use behavioral mechanisms to augment signature-based detection.
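To illustrate the signature matching described above, here is an added example (not part of the original answer and not any vendor's code) of a minimal scanner that flags both an executable and the data files bundled with it. The signature names, byte patterns, file names and sample contents are all constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed definitions (assumptions, not real vendor signatures).
# A pattern signature matches a byte sequence anywhere in a file.
PATTERN_SIGS = {
    "Demo.Bot.ConfigDB": b"c2-list-v1\n",           # header of a bundled host list
    "Demo.Bot.Loader": b"\x4d\x5a\x90DEMO-LOADER",  # marker inside the executable
}
# A hash signature matches one exact file: sha256 hex digest -> name.
HASH_SIGS = {}  # filled in by demo() from a constructed key file

def scan_file(path):
    """Return the sorted names of all signatures that match the file."""
    data = path.read_bytes()
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGS:
        hits.append(HASH_SIGS[digest])
    hits += [name for name, pat in PATTERN_SIGS.items() if pat in data]
    return sorted(hits)

def scan_tree(root):
    """Scan every regular file under root; report only files with hits."""
    report = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            hits = scan_file(p)
            if hits:
                report[p.name] = hits
    return report

def demo():
    """Build constructed sample files in a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "notes.txt").write_bytes(b"meeting at 10\n")  # benign file
        (root / "hosts.db").write_bytes(b"c2-list-v1\nc2.example.com\n192.0.2.10\n")
        (root / "svc.bin").write_bytes(b"\x4d\x5a\x90DEMO-LOADER" + b"\x00" * 16)
        keyfile = b"demo-key-material"
        (root / "key.dat").write_bytes(keyfile)
        HASH_SIGS[hashlib.sha256(keyfile).hexdigest()] = "Demo.Bot.KeyFile"
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

The non-executable `hosts.db` and `key.dat` files are flagged alongside the executable, which is why static supporting files give a signature-based scanner additional material to match.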

This was first published in July 2010
