What Is a Bloodhound Virus?

The term bloodhound virus was coined by a particular anti-virus vendor (Symantec) and refers to the ability to detect currently unknown viruses using heuristic detection algorithms. Symantec calls this method of detection "Bloodhound". The term bloodhound virus has since been adopted by other AV vendors when referring to previously unknown or unidentified viruses. Because they have not been categorized formally, the bloodhound viruses come in many forms; there is not a single virus or single signature for detection. For example, Symantec also identifies a group of Trojan horse programs called Bloodhound.AOLPWS.

The Bloodhound.Exploit.6 viruses take advantage of a vulnerability in how some programs (notably IE and Outlook Express) dealt with HTML content contained in CHM files. CHM is a compiled help file format created by Microsoft. Usually the virus will be detected by the anti-virus program in your temporary Internet files. The virus is also often detected in your Temp folder. Bloodhound viruses vary so the detection software needs to use heuristics to detect them. Unfortunately having AV software specifically Norton AntiVirus set to the "Highest level of protection" setting will produce many false positives. This is due to the nature of the virus and the method of detection. Some of the patterns used in legitimate content appear to be virus material.

If you keep Windows patched and updated using Windows Update, the main vulnerability that allows for infection by bloodhound viruses should be eliminated. If you don't keep your computer patched, you should. You can go to http://windowsupdate.microsoft.com and manually update the computer. Microsoft has information on bloodhound virus vulnerabilities at: http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx. Symantec has information on the AOLPWS Trojan and how to remove it at: http://www.symantec.com/security_response/writeup.jsp?docid=2000-121911-5753-99

If you have another virus infection as well and can't get on the Web, can't connect to the Internet, have trouble running certain programs or can't use particular web sites, you need to triage, isolate, and clean your PC using a bootable disk and anti-virus software that runs without having to start Windows first.

To avoid infection, try to avoid Web sites that immediately produce virus alerts as soon as you connect to them, don't keep trying to connect to one if you detect and stop a virus once. The site is likely infected and not safe. Don't download and run files from a site you don't trust. Even trusted Web sites may be infected, so don't run programs or download files if you aren't sure what they are.

To learn more about malware in general check out my articles on the Differences Between Worms and Viruses, the different types of viruses, and How to Get Rid of a Trojan Horse Virus.