Definition[]
All viruses cause modification of executables in their replication process. As a result, the presence of viruses can also be detected by searching for the unexpected modification of executables. This process (called detection of modification) is sometimes called integrity checking.
Detection of modification may also identify other security problems, such as the installation of Trojan horses. Note that this type of detection tool works only after infected executables have been introduced to the system and the virus has replicated.[1]
References[]
- ↑ NIST Special Publication 800-5, at 2.1.3.