摘要 |
<p>The invention provides a method of detecting malicious code in a code-executing device (10), the method characterised in that it includes the steps of: (a) generating test data which is substantially unsusceptible to compression without reducing its information content and storing it as image data (230) in memory external to the device (10); (b) loading the test data (R0 to Rm) into memory (30) of the device (10); (c) performing a checksum calculation on the test data (R0 to Rm) stored in the memory (30) of the device (10) to generate a first checksum value, performing a corresponding checksum calculation on the image data (230) to generate a second checksum value, and the comparing the first value with the second value to determine whether or not the test data in the memory of the device (30) has been corrupted; (d) repeating step (c) until sufficient test data in the memory (30) of the device (10) is checksum tested to determine whether or not malicious code is present in the device (10). The method makes it difficult for the malicious code to conceal itself from the checksums, hence it is possible to determine whether or not the device (10) has been compromised.</p> |