Topic: Checksum best weapon against Polymorphic viruses


polonus (Avast Überevangelist)
Checksum best weapon against Polymorphic viruses
« on: February 27, 2010, 11:07:38 PM »
Hi malware fighters,

Creating polymorphic viruses has been done by malcreants for a very long time now and dates back to the previous century. Here is a list of known Polymorphic Generators: http://vx.netlux.org/lib/static/vdat/polyinvr.htm
One of the first of these was MtE: http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453076400
Other old generators were known as BWME, DAME, DSCE, DGME, MutaGen, GPE and NED.

The first thing to do was to load the first byte of the coded fragment of the registry address.
Then load the length of the coded function to the registry address.
Give in the coding-decoding instruction.
Enlarge the registry address.
Etc. etc.

The best procedure to detect these viruses is checksumming. A good tool for you is checksumtool:
http://checksumtool.sourceforge.net/

polonus


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
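An added example, not code from the post above or from checksumtool, of the baseline-and-verify checksumming the post recommends: hash every file once, store the digests, and later report anything modified, added or missing. The file names and bytes are constructed stand-ins; the "infection" is simulated by rewriting one file, which changes its digest no matter how the decryptor loop mutates.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file (relative to root) to its digest; this is the trusted snapshot."""
    return {
        str(p.relative_to(root)): sha256_of_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, baseline: dict) -> dict:
    """Re-hash the tree and report every deviation from the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: snapshot two fake executables, then simulate an infector
    that rewrites one of them and drops a new file. Returns the verify() report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notepad.exe").write_bytes(b"MZ" + b"\x00" * 64)  # constructed stand-in
        (root / "calc.exe").write_bytes(b"MZ" + b"\x01" * 64)     # constructed stand-in
        baseline = build_baseline(root)
        # Simulated infection: a patched entry and an appended body; the exact bytes of a
        # polymorphic decryptor are irrelevant, any change at all moves the digest.
        (root / "notepad.exe").write_bytes(b"MZ" + b"\xeb\x10" + b"\x00" * 62 + b"<encrypted body>")
        (root / "dropped.dll").write_bytes(b"MZ" + b"\x02" * 8)
        return verify(root, baseline)
```

The baseline itself has to live somewhere the system being checked cannot rewrite (read-only media, a signed file, or another host), otherwise an infector can simply update it. This only detects a change after it has happened, so it complements rather than replaces scanning.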

CharleyO (Guest)
Re: Checksum best weapon against Polymorphic viruses
« Reply #1 on: February 28, 2010, 05:22:57 AM »
***

So far, there are only Alpha releases available ... no betas nor stable releases available yet.


***

spg SCOTT (Guest)
Re: Checksum best weapon against Polymorphic viruses
« Reply #2 on: February 28, 2010, 02:54:30 PM »