Harmful software has a different structure and is created using a variety of techniques. Some viruses are constructed in a very simple way, which results in the effect being easy to predict, so that antivirus software companies can easily understand the operation of such a scheme and create the appropriate virus signatures that will make it easier to detect and therefore increase the chance to use any countermeasures. Unfortunately, some pests are designed in such a professional manner that their analysis is very difficult, sometimes even impossible. An example of such malware is a virus Regin, who its activities in the network began in 2008, and the first of its tracks were visible as early as 2003. What does the virus?
Its range of activities varies greatly. The software can analyze network traffic, take screenshots, record characters typed on a keyboard, monitor USB devices that have been connected to the computer, including your webcam and microphone, and recover deleted data from your hard drive. Viruses are more advanced than many of software utilities created by so called white-hat programmers.
Why, despite such a broad range of skills is it so difficult to detect that virus and security experts have only now started a more in-depth analysis? The software runs in several phases. At the beginning the architecture of the hardware is detected and, based on it, a special configuration is created, then the appropriate drivers are loaded into the kernel, and in this moment, the removal of traces of the previous work happens so that your antivirus software is unable to raise an alarm and the end of the process relevant module is loaded. Virus as mentioned has a modular structure, and each of them is responsible for performing a specific activity for themselves. In addition, each time loading malware is encrypted, and the key to decrypt the next element is located in the former.