Diff: PolyMorphicVirusses

Differences between current version and predecessor to the previous major change of PolyMorphicVirusses.

Newer page: version 6 Last edited on Thursday, June 3, 2004 8:22:56 pm by AristotlePagaltzis
Older page: version 4 Last edited on Thursday, June 3, 2004 8:12:44 am by RuudSchramp
@@ -1,16 +1 @@
-A polymorphic virus is a virus that can dynamically change it's binary code. As it changes its binary code, it also doesn't have a fixed patern of bytes that can be scanned for.  
-  
-Virusses clearly are programs. they can have a significant size that make them easy to scan for.  
-Step one to make a virus polymorphic is to encrypt the most of the program using some form of encryption. However the decrypter would probably still be the same, making a virus scanner scan for that.  
-  
-However for a certain decryption e.g. a fix XOR of all bytes of the code, several different implementations are possible e.g. by:  
-1) permutation of registers  
-2) replacing register moves by Push Pop operations  
-3) using jmp instructions to alter the order of instructions  
-4) inserting NOP operations  
-5) inserting dummy operations that have no effect on the normal flow  
-etc. etc.  
-  
-polymorphic virusses include a mutation engine that can create millions of different implementations of the same algorithm. this makes these virusses very difficult to detect by antivirus programs [ClamAV ].  
-  
-[http://en.wikipedia.org/wiki/Computer_virus]  
+Describe [PolyMorphicVirusses ] here
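
Review bot: The single `+` line leaves the page with nothing but the placeholder `Describe [PolyMorphicVirusses ] here`, so the definition, the numbered list of decryptor variations (1 to 5), the [ClamAV ] cross-link and the Wikipedia reference on the `-` lines all disappear with no pointer to where they went. If the material was moved to another page, replace the placeholder with a link to that page; if the aim was cleanup, keep the text and correct it in place (for example "it's binary code" to "its binary code", "patern" to "pattern", "a fix XOR" to "a fixed XOR") rather than blanking the entry.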