
Induc foolish detection by anti viruses

Hello researchers,

Recently I came across a blog about detection of Induc by AVs.

Really interesting work.

http://dragu1a.blogspot.com/2010/02/avs-detection-of-virusinduc.html

I think I can explain why

I think I can explain why this happens. AFAIK Induc is a Delphi file infector; it writes itself into the original program during compiling (I don't exactly know where and how). In this case the AV signature has probably not been created over the malicious part (inserted by Induc) but over the "good" part of the program. This explains why the file is still detected as Induc although the malicious part has been removed.

greets

You are exactly correct

You are exactly correct.