tag:blogger.com,1999:blog-14114712.post114804368846538940..comments2024-03-03T02:04:07.138-08:00Comments on ADD / XOR / ROL: halvar.flakehttp://www.blogger.com/profile/12486016980670992738noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-14114712.post-1148062526540635122006-05-19T11:15:00.000-07:002006-05-19T11:15:00.000-07:00Ultimately, I think you need both behavior and cod...Ultimately, I think you need both behavior and code classification. There's some danger in saying that "this is just another copy of malware.yyz", when in fact it is, but now has a working download link, and that's all that has changed. I won't argue that it still isn't "malware.yyz" and not "malware.yza", depending. But some simple change that doesn't change the "code" can still make a huge difference in how you have to treat it.Ryan Russellhttps://www.blogger.com/profile/13265663681454609204noreply@blogger.com