Differences between version 2 and revision by previous author of PolyMorphicVirus.
Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History
| Newer page: | version 2 | Last edited on Tuesday, June 22, 2004 9:28:50 am | by StuartYeates | Revert |
| Older page: | version 1 | Last edited on Thursday, June 3, 2004 8:22:51 pm | by AristotlePagaltzis | Revert |
@@ -4,5 +4,5 @@
* Rearranging parts of the code using jumps to alter the order of execution
* Inserting dummy operations that have no effect, such as NOPs
* Permuting the registers used in the code
-Most [PolyMorphicVirus]es also encrypt themselves, only leaving a short decryption routine unencrypted. Of course, it gets jumbled the same as the rest of the code, since it might otherwise contain a characteristic enough byte pattern to scan for. Together, these techniques can lead to billions of representations of the same code. It can be hard for antivirus programs to detect them all reliably.
+Most [PolyMorphicVirus]es also encrypt themselves, only leaving a short decryption routine unencrypted. Of course, it gets jumbled the same as the rest of the code, since it might otherwise contain a characteristic enough byte pattern to scan for. Together, these techniques can lead to billions of representations of the same code. It can be hard for antivirus programs to detect them all reliably without many false positives
.
