linkedin post 2019-06-21 05:17:23

POSSIBILITY VS PROBABILITY. "Several parties have attempted calculations of the likelihood of viruses evolving from 'inanimate code' by random mutation. In general, the time estimated for such an event was several times the lifespan of the universe. Yet most studies shared significant flaws in that the calculations were based on a single instance of a random sequence of code evolving into a specific virus of the same length. This is clearly incorrect and on par with watching a dog, in the hope it will turn into a cat." https://lnkd.in/g5hUBjg

linkedin post 2019-06-21 05:14:14

ADVANCED POLYMORPHIC ENGINES "generate different instructions which do the same thing; swaps groups of instructions; creates calls to dummy routines; generates lots of conditional jumps; embeds anti-debugging tricks; inserts junk instructions into real code." https://lnkd.in/d3T75KG

linkedin post 2019-06-20 04:36:59

DECOMPILING VIRUSES. "Some new MSIL viruses, such as MSIL/Gastropod, already support semi-metamorphic (permutating) code generation under the .NET Framework. Such viruses have a great advantage because they do not need to carry their own source code. Instead, viruses can simply decompile themselves to generate new binaries." https://lnkd.in/d_2z5qc

linkedin post 2019-06-20 04:33:59

ZMIST VIRUS "does not alter the entry point of the host. Instead, it merges with the existing code, becoming part of the instruction flow. However, the code's random location means that sometimes the virus will never receive control. If the virus does run, it will immediately launch the host as a separate process and hide the original process (if the RegisterServiceProcess() function is supported on the current platform) until the infection routine completes. Meanwhile, the virus will begin searching for files to infect." https://lnkd.in/d_2z5qc

linkedin post 2019-06-20 04:31:02

ZMIST VIRUS. "The Mistfall engine contained in the virus is capable of decompiling PE files to their smallest elements, requiring 32MB of memory. Zmist will insert itself into the code; it moves code blocks out of the way, inserts itself, regenerates code and data references (including relocation information), and rebuilds the executable. This is something that has never been seen in any previous virus." https://lnkd.in/d_2z5qc

linkedin post 2019-06-20 04:29:24

W95/BISTRO. "If a virus or a 32-bit worm were to implement a similar morphing technique, the problem could be major. New mutations of old viruses and worms would be morphed endlessly! Thus, a virtually endless number of not-yet-detectable viruses and worms would appear without any human intervention, leading to the ultimate virus generator." https://lnkd.in/d_2z5qc