Differences between current version and previous revision of PolyMorphicVirus.
Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 3 | Last edited on Tuesday, June 22, 2004 10:27:58 am | by AristotlePagaltzis | |
Older page: | version 2 | Last edited on Tuesday, June 22, 2004 9:28:50 am | by StuartYeates | Revert |
@@ -4,5 +4,5 @@
* Rearranging parts of the code using jumps to alter the order of execution
* Inserting dummy operations that have no effect, such as NOPs
* Permuting the registers used in the code
-Most [PolyMorphicVirus]es also encrypt themselves, only leaving a short decryption routine unencrypted. Of course, it gets jumbled the same as the rest of the code, since it might otherwise contain a characteristic enough byte pattern to scan for. Together, these techniques can lead to billions of representations of the same code. It can be hard for antivirus programs to detect them all reliably without many false positives.
+Most [PolyMorphicVirus]es also encrypt themselves, only leaving a short decryption routine unencrypted. Of course, it gets jumbled the same as the rest of the code, since it might otherwise contain a characteristic enough byte pattern to scan for. Together, these techniques can lead to billions of representations of the same code. It can be hard for antivirus programs to detect them all both
reliably and
without many false positives.