A security administrator is investigating the compromise of a software distribution website.
Forensic analysis shows that several popular files are infected with malicious code. However,
comparing a hash of the infected files with the original, non-infected files which were restored from
backup, shows that the hash is the same. Which of the following explains this?
A.
The infected files were using obfuscation techniques to evade detection by antivirus software.
B.
The infected files were specially crafted to exploit a collision in the hash function.
C.
The infected files were using heuristic techniques to evade detection by antivirus software.
D.
The infected files were specially crafted to exploit diffusion in the hash function.