Metamorphic Viruses Really Invincible ? Part 1
نویسندگان
چکیده
When you consider all the tricks that a virus writer can use to break AV scanners, metamorphic viruses, such as Win32/Evol, Metaphor (aka W32/Simile, see VB, May 2002, p.4) and W95/Zmist (see VB, March 2001 p.6) appear invincible. These viruses transform their code as they propagate, thus evading detection by analysers that rely on static information extracted from previously observed virus code. The viruses also use code obfuscation techniques to hinder deeper static analysis. Such viruses can also beat dynamic analysers by altering their behaviour when they detect that they are executing under a controlled environment.
منابع مشابه
Metamorphic Viruses Detection Technique Based on the the Modified Emulators
An article presents a new technique for metamorphic viruses detection using modified emulators, placed in the hosts of the network. Proposed technique provides the classification of the metamorphic virus in classes with the usage of the fuzzy logic. Technique makes it possible to detect the metamorphic viruses, which use obfuscation techniques. The results of experimental studies showed the eff...
متن کاملMetamorphic Virus: Analysis and Detection
Metamorphic viruses transform their code as they propagate, thus evading detection by static signature-based virus scanners, while keeping their functionality. They use code obfuscation techniques to challenge deeper static analysis and can also beat dynamic analyzers, such as emulators, by altering their behavior. To achieve this, metamorphic viruses use several metamorphic transformations, in...
متن کاملDetecting Metamorphic Viruses Using Profile Hidden Markov Models
Detecting Metamorphic Viruses using Profile Hidden Markov Models By Srilatha Attaluri Metamorphic computer viruses “mutate” by changing their structure every time they propagate. Unlike other viruses, they use code obfuscation techniques on the body of the virus and do not exhibit a common signature. With the advent of construction kits, it is easy to generate various metamorphic strains of a v...
متن کاملA highly metamorphic virus generator
Abstract: Metamorphic viruses modify their code to produce viral copies that are syntactically different from their parents. The viral copies have the same functionality as the parent but typically have no common signature. This makes signature-based virus scanners ineffective for detecting metamorphic viruses. But machine learning tool such as Hidden Markov Models (HMMs) have proven effective ...
متن کاملAnalysis and Detection of Metamorphic Computer Viruses
comparison between our approach and commercial virus scanners. I would also like to thank my friends and schoolmates for their technical and emotional support. I want to thank Yue Wang for performing the virus scanning, and Peter Hey for repairing my hard disk after it crashed at the most critical moment. Finally I want to thank my family for their understanding and support throughout my five y...
متن کامل