Avast WEBforum

Other => General Topics => Topic started by: polonus on February 27, 2010, 11:07:38 PM

Title: Checksum best weapon against Polymorphic viruses
Post by: polonus on February 27, 2010, 11:07:38 PM
Hi malware fighters,

Creating polymorphic viruses has been done by malcreants for a very long time now and dates back to the previous century. Here is a list of known Polymorphic Generators: http://vx.netlux.org/lib/static/vdat/polyinvr.htm
One of the first of these was MtE: http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453076400
Other old generators were known as BWME - DAME - DSCE - DGME - MutaGen - GPE - NED.

First thing to do was to load the first byte of the coded fragment of the registry address
Then load the length of the coded function to the registry address
Give in the coding-decoding instruction
Enlarge the registry address
etc. etc.

The best procedure to detect these viruses is checksumming. A good tool for you is checksumtool:
http://checksumtool.sourceforge.net/

polonus


Title: Re: Checksum best weapon against Polymorphic viruses
Post by: CharleyO on February 28, 2010, 05:22:57 AM
***

So far, there are only Alpha releases available ... no betas nor stable releases available yet.


***
Title: Re: Checksum best weapon against Polymorphic viruses
Post by: spg SCOTT on February 28, 2010, 02:54:30 PM
Some more:
http://portableapps.com/apps/utilities/winmd5sum_portable

http://portableapps.com/node/19346 <-- Still technically beta I think...