Avast community forum
Checksum best weapon against Polymorphic viruses
Topic: Checksum best weapon against Polymorphic viruses (Read 2433 times)
polonus (Avast Überevangelist, Probably Bot, Posts: 34065, malware fighter)
Checksum best weapon against Polymorphic viruses « on: February 27, 2010, 11:07:38 PM »
Hi malware fighters,
Creating polymorphic viruses has been done by malcreants for a very long time now and dates back to the previous century. Here is a list of known Polymorphic Generators:
http://vx.netlux.org/lib/static/vdat/polyinvr.htm
One of the first of these was MtE
http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453076400
Other old generators were known as BWME, DAME, DSCE, DGME, MutaGen, GPE and NED.
The first thing to do was to load the first byte of the coded fragment of the registry address.
Then load the length of the coded function to the registry address.
Give in the coding-decoding instruction.
Enlarge the registry address.
etc. etc.
The best procedure to detect these viruses is checksumming. A good tool for you is checksumtool:
http://checksumtool.sourceforge.net/
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
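As an added example of the checksumming procedure polonus recommends (written for this page; it is not code from the thread or from the checksumtool project): a baseline of per-file digests is recorded from a known-clean tree and later re-checked, so any file whose bytes were rewritten shows up as modified regardless of how the rewriting code mutates itself. The directory layout, the JSON store and the sample bytes are constructed for the demo. It defaults to SHA-256 rather than the MD5 that the tools linked later in the thread compute; hashlib accepts either name.

```python
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK_SIZE = 1 << 16  # read files in 64 KiB pieces so large binaries need not fit in memory


def file_digest(path, algorithm="sha256"):
    """Return the hex digest of one file's contents."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_of_bytes(data, algorithm="sha256"):
    """Hash a byte string through the same file path as file_digest (useful against a known test vector)."""
    with tempfile.TemporaryDirectory() as tmp:
        blob = Path(tmp) / "blob"
        blob.write_bytes(data)
        return file_digest(blob, algorithm)


def build_baseline(root, algorithm="sha256"):
    """Map every regular file under root (POSIX-style relative path) to its digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): file_digest(p, algorithm)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_baseline(baseline, path):
    """Persist the baseline as JSON; keep this file where the monitored tree cannot rewrite it."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def verify(root, baseline, algorithm="sha256"):
    """Re-hash the tree and classify every difference from the baseline."""
    current = build_baseline(root, algorithm)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: baseline a tiny tree, then alter one file and drop a new one.

    The bytes below are made-up stand-ins, not real program images.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "tree"
        (root / "bin").mkdir(parents=True)
        host = root / "bin" / "tool.exe"
        host.write_bytes(b"MZ" + b"\x00" * 62)  # constructed clean "program"
        (root / "readme.txt").write_text("unchanged")

        store = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), store)

        # Whatever a polymorphic engine does to its own decryptor, infecting a host means
        # rewriting the host's bytes, and that is exactly what the digest comparison sees.
        host.write_bytes(b"MZ" + b"\x00" * 58 + b"\xde\xad")
        (root / "dropped.dll").write_bytes(b"new file")
        (root / "readme.txt").write_text("unchanged")  # same content: must not be reported

        return verify(root, load_baseline(store))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two things decide whether this catches an infection: the baseline has to be taken before the files were touched, and it has to be kept where the same malware cannot rewrite it (read-only media, another host). It also reports only that a file changed, not what changed it, so legitimate updates have to be re-baselined.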
CharleyO (Guest)
Re: Checksum best weapon against Polymorphic viruses « Reply #1 on: February 28, 2010, 05:22:57 AM »
***
So far, there are only Alpha releases available ... no betas nor stable releases available yet.
***
spg SCOTT (Guest)
Re: Checksum best weapon against Polymorphic viruses « Reply #2 on: February 28, 2010, 02:54:30 PM »
Some more:
http://portableapps.com/apps/utilities/winmd5sum_portable
http://portableapps.com/node/19346
<-- Still technically beta I think...