The Sorcerer
Ready Rangers Liberation Front [7]
July 2006
An old anti-virus (AV) technique that is over looked by most virus writers is X-Ray Detection. X-Ray detection is a simple method for detecting encrypted viruses and works on more than 50% of existing encrypted viruses today. Have you ever wondered why your new polymorphic, entry point obscuring virus is detected by the AV software? The chances are that they have found a X-Ray for your encryption scheme. These methods are called X-Rays because they enable the AV software to see the insides of your virus encryption protection without having to emulate your virus.