In this module, we discussed the purpose of antivirus software and the most common methods vendors use to detect malicious code. We briefly explained antivirus bypass methods, which include various techniques for shellcode injection on disk and in memory, and demonstrated successful bypasses using Shellter and PowerShell.

Although we successfully evaded antivirus detection in both of our examples, we have only scratched the surface of the field of malware detection and evasion. To learn more about how much effort malware authors must expend to evade modern defensive mechanisms, we recommend reading Microsoft's excellent article "FinFisher exposed: A researcher's tale of defeating traps, tricks, and complex virtual machines"[1], as well as reviewing several of the advanced evasion techniques presented in Emeric Nasi's paper.[2]

[1] (Microsoft, 2018), https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/

[2] (Emeric Nasi, 2014), https://web.archive.org/web/20210317102554/https://wikileaks.org/ciav7p1/cms/files/BypassAVDynamics.pdf