Differences between current version and revision by previous author of PolyMorphicVirusses.
Newer page: version 6, last edited on Thursday, June 3, 2004 8:22:56 pm by AristotlePagaltzis
Older page: version 5, last edited on Thursday, June 3, 2004 6:48:07 pm by PerryLorier
@@ -1,16 +1 @@
-A polymorphic virus is a virus that can dynamically change it's binary code. As it changes its binary code, it also doesn't have a fixed patern of bytes that can be scanned for.
-
-Virusses clearly are programs. they can have a significant size that make them easy to scan for.
-Step one to make a virus polymorphic is to encrypt the most of the program using some form of encryption. However the decrypter would probably still be the same, making a virus scanner scan for that.
-
-However for a certain decryption e.g. a fix XOR of all bytes of the code, several different implementations are possible e.g. by:
-# permutation of registers
-# replacing register moves by Push Pop operations
-# using jmp instructions to alter the order of instructions
-# inserting NOP operations
-# inserting dummy operations that have no effect on the normal flow
-etc. etc.
-
-polymorphic virusses include a mutation engine that can create millions of different implementations of the same algorithm. this makes these virusses very difficult to detect by antivirus programs
[ClamAV
].
-
-[http://en.wikipedia.org/wiki/Computer_virus]
+Describe
[PolyMorphicVirusses
] here
.
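Review bot: the only added line, "+Describe [PolyMorphicVirusses] here.", reads as an empty-page placeholder, so this revision blanks the page instead of revising it, and the header "@@ -1,16 +1 @@" confirms that all 16 lines of version 5 are dropped with nothing substantive in their place. The removed text carried the page's whole content: the definition, the point that an encrypted body still leaves a constant decrypter to scan for, the list of ways one decryption routine can be implemented differently, the ClamAV link and the Wikipedia reference. If the objection is to quality (for example "it's binary code", "patern", "Virusses", "a fix XOR"), correct those lines in place and keep the explanation. If the page is meant to be deleted, state the reason in the edit summary or point readers to a page that covers the topic, since the diff as shown gives no rationale for the removal.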