Reply to post: Re: Checksum? Hash?

UEFI malware rears ugly head again: Kaspersky uncovers campaign with whiff of China

phuzz Silver badge

Re: Checksum? Hash?

"why doesn't a regular scan detect these attacks"

Most virus scanners start off by just comparing the hash of a file to a list of known viruses/malware, which means that all it takes is some padding, and a virus won't be detected.

More modern antivirus software can do some more in depth analysis, as well as monitoring for activity which might indicate a virus (eg, trying to modify which programs are launched at startup), but at the end of the day, most antivirus is helpless against a targeted attack.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021