Metamorphic Virus: Analysis and Detection

Metamorphic viruses transform their code as they propagate, thus evading detection by static signature-based virus scanners, while keeping their functionality. They use code obfuscation techniques to challenge deeper static analysis and can also beat dynamic analyzers, such as emulators, by altering their behavior. To achieve this, metamorphic viruses use several metamorphic transformations, including register renaming, code permutation, code expansion, code shrinking, and garbage code insertion. In this article, a simple analysis of metamorphic viruses is presented, along with the techniques they use to transform their code to new generations. This article describes the evolution of the computer virus from the first-generation simple virus to the most advanced metamorphic virus. Several metamorphic techniques are described, then the description of several techniques to detect metamorphic viruses is given. Metamorphic Virus: Analysis and Detection Royal Holloway series Metamorphic virus • METAMORPHIC VIRUSES • CODE MUTATIONS • METAMORPHIC DETECTION • HEURISTIC DETECTION 2 1 THE MALWARE MENACE The recent years have been very interesting, but at the same time very frustrating for the information security professional. As information technology is expanding and improving, so are its threats. Its adversaries evolved from the 15 year old “script kiddy” to the professional hacker employed by organized crime. A recent research in the UK showed that around 97% of businesses in the UK have internet connection and around 88% have broadband, thus the thread from malicious software has never been greater. The research reports that virus infection was the biggest single cause of respondents’ worst security incidents, accounting for roughly half of them. Two-fifths of these were described as having a serious business impact. The report also informs that virus infections tended to take more effort to resolve than other incidents, some of Evgenios Konstantinou Information Security Group, Royal Holloway, Egham, Surrey, U.K.