Category: Uncategorized

BADBOY VIRUS. "The order of the subroutines will be different from generation to generation, which leads to n! different virus generations, where n is the number of subroutines. BadBoy had eight subroutines, and 8!=40,320 different generations. W32/Ghost (discovered in May 2000) has 10 functions, so 10!=3,628,800 combinations. Both of them can be detected with search strings, but some scanners need to deal with such a virus algorithmically." https://lnkd.in/d_2z5qc View in LinkedIn

UNRECOGNIZABLE OFFSPRING. "Metamorphic code is used by some viruses when they are about to infect new files, and the result is that the next generation will never look like current generation. The mutated code will do exactly the same thing (under the interpretation used), but the children's binary representation will typically be completely different from the parent's." https://lnkd.in/d8eMfUk View in LinkedIn

COMPLETE REWRITE. "Metamorphic viruses often translate their own binary code into a temporary representation, editing the temporary representation of themselves and then translate the edited form back to machine code again. This procedure is done with the virus itself, and thus also the metamorphic engine itself undergoes changes, which means that no part of the virus stays the same." https://lnkd.in/d8eMfUk View in LinkedIn

LAKING PATTERN SIGNATURES. "Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is used by computer viruses to avoid the pattern recognition of anti-virus software." https://lnkd.in/d8eMfUk View in LinkedIn

NEVER THE SAME. "Material metamorphosis does exist in real life. For instance, shape memory polymers have the ability to transform back to their parent shape when heated. Metamorphic computer viruses have the ability to change their shape by themselves from one form to another, but they usually avoid generating instances that are very close to their parent shape." (Claytronics and programmable matter). https://lnkd.in/d_2z5qc View in LinkedIn

METAMORPHIC VIRUSES. "Metamorphics are body-polymorphics." Metamorphic viruses do not have a decryptor or a constant virus body but are able to create new generations that look different. They do not use a data area filled with string constants but have one single-code body that carries data as code." https://lnkd.in/d_2z5qc View in LinkedIn

IMMUNE ESCAPE. "A program can metamorph by translating its own code into a temporary representation, edit the temporary representation of itself, and then write itself back to normal code again. As this process is done on the entire virus the engine also undergoes changes and the whole virus changes with it. The change is made, of course, to attempt to avoid scanners." Not dissimilar to cancer cells. https://lnkd.in/eAcnzhY View in LinkedIn

MORPHING CODE. "Metamorphic viruses do not have a decryptor and do not “unpack” to give a constant virus body like polymorphic viruses do. However, they are able to create new generations of the virus that look different." https://lnkd.in/eXJNZSa View in LinkedIn

STATISTICALLY UNDETECTABLE. "Metamorphic viruses transform their code as they propagate, thus evading detection by static signature-based virus scanners and have the potential to lead to a breed of malicious programs that are virtually undetectable statistically." https://lnkd.in/eXJNZSa View in LinkedIn

WIDELY USED. Self-modifying code (SMC) "broadly refers to any program that loads, generates, or mutates code at runtime. It is widely used in many of the world’s critical software systems to support runtime code generation and optimization, dynamic loading and linking, OS boot loader, just-in-time compilation, binary translation, or dynamic code encryption and obfuscation." https://lnkd.in/dzAS74T View in LinkedIn