What Does A Virus Signature Look Like And Which Software Do I Need To See One?

When people hear the word virus they tend to freeze up more than normal.

They do not know what a virus consists of so they put bad thoughts into their mind about how it is some kind of weird mechanism.

Their thoughts float to ideas like a biological virus creeping through their computer.

That is not the case at all though – a virus is just like a normal program.

The only difference is that it goes through your computer looking to do bad things to it, which it can do in two different ways: either by bending the rules of what is allowed on the machine, or by breaking the rules altogether and finding an exploit in the machine.

There is a slight but subtle difference between the two methods and that difference matters.

If the software that is being run allows the virus to do bad things to the computer then that means that it is a sloppily written program.

If the virus is able to do the bad things to the computer because it has found an exploit then that is another matter altogether.

That goes beyond a sloppily written program and borders on carelessness.

virus signatures and IDA Pro

Most companies have code review boards that try to make sure that this kind of thing doesn’t happen.

Sure, everyone makes mistakes, but this is kind of a big one.

If a virus is nothing but a normal program then how can someone tell they have been infected?

And how is the antivirus program on my system able to distinguish between an infection and a safe program?

In the following paragraphs I will take a look at this question and show you how you and your software are able to tell when a virus infection is going on in your computer.

You Don’t Need A Microscope To Read A Virus

When you are looking at a virus, you do not need a microscope or any special piece of hardware.

There are several software programs that anyone can run on their computer to see the insides of a virus; many of them are free or open source, and others are premium products.

One of the most popular pieces of software is one that is called IDA Pro.

It is very popular with both sides of the security community.

There is no other software out there that will give you such a detailed graphical representation of the programs on your computer and it is able to read many different formats as well.

While you are working on your x86-based computer you will be able to read the machine code of programs built for computers with other CPUs.

This is amazing because this type of software is not supposed to be able to run on your type of computer but thanks to IDA Pro it can.

But, as I said before, there is more software out there that will do the same thing but IDA Pro is the best in my opinion.

It does have a steeper learning curve than the other software out there but once you learn it you will be off and running.

Virus Signatures

When I say signature what I mean is what the software is accessing at the time.

There are different functions that reside in your computer; to be able to interact with your computer a program must be able to access these functions.

There are some functions that are fairly benign and there are some functions that can cause a little damage if a program got hold of them.

Functions like this are usually in the kernel of the operating system.

No user-level programs are supposed to have access to this level of the kernel, which means that the virus was able to use an exploit to get there and cause a corruption.

If that is the case then the rest of the system can be in real trouble.

So when a researcher is looking at the program and seeing what functions it accesses, he is making sure that the program is not able to do considerable damage.

The thing about a virus is that it doesn’t have to go kernel deep to cause damage; all it has to do is disrupt your computer in some manner.

If that means that it is able to throw pop ups at you every five minutes to get you to buy some fake antivirus software then that is what it will do.

That doesn’t take a lot of skill and is easy to fix if the person knows what they are doing.
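The idea above as an added example (not code from the original article): it pulls the function names out of a file's bytes and groups the ones that appear on a watchlist. The watchlist groupings, the helper names and both sample byte strings are assumptions constructed for this illustration.

```python
import re

# Assumed watchlist for this example: real Windows API names, grouped by how
# much harm a program holding them could do. The grouping itself is illustrative.
WATCHLIST = {
    "kernel": {"NtLoadDriver", "NtSetSystemInformation"},
    "process-tampering": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "nuisance": {"MessageBoxA"},  # e.g. the pop-ups mentioned above
}

# Runs of identifier characters at least 4 long, the way `strings` finds names.
NAME_RE = re.compile(rb"[A-Za-z_][A-Za-z0-9_]{3,}")

def extract_names(blob):
    """Return every identifier-like ASCII run found in the raw bytes."""
    return {m.group().decode("ascii") for m in NAME_RE.finditer(blob)}

def function_signature(blob):
    """Map each watchlist category to the watched names the file refers to."""
    names = extract_names(blob)
    return {cat: sorted(names & apis)
            for cat, apis in WATCHLIST.items() if names & apis}

def _entry(hint, name):
    # Import-by-name layout: 2-byte hint, then the NUL-terminated name.
    return hint.to_bytes(2, "little") + name.encode("ascii") + b"\x00"

# Constructed samples: not real programs, only name tables for the demo.
SAMPLE_BENIGN = (b"MZ\x90\x00" + b"KERNEL32.dll\x00"
                 + _entry(1, "CreateFileA") + _entry(2, "ReadFile"))
SAMPLE_SUSPECT = (b"MZ\x90\x00" + b"KERNEL32.dll\x00"
                  + _entry(1, "VirtualAllocEx") + _entry(2, "WriteProcessMemory")
                  + _entry(3, "CreateRemoteThread")
                  + b"USER32.dll\x00" + _entry(4, "MessageBoxA"))

if __name__ == "__main__":
    for label, blob in (("benign", SAMPLE_BENIGN), ("suspect", SAMPLE_SUSPECT)):
        print(label, function_signature(blob))
```

A name found this way only shows which functions a program can ask for, not that it calls them, and a packed or obfuscated file may hide its names entirely, so this is a first look before opening the file in a disassembler.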

A Virus Is Not The Only Program That Leaves A Signature

All programs leave a signature of some kind and that includes other types of malware as well; a virus is not the only one.

Security researchers are able to tell the difference between the threats by looking at the signatures.

It is a hard job to be able to stare at assembly language all day trying to find the threats on your computer but security researchers are the kind of guys who love doing it.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
