
Polymorphism in Computer Viruses

Polymorphism in Computer Viruses. CS265 Security Engineering Term Project Puneet Mishra. Definitions. A computer virus is a program with malicious intent to cause abnormal disruption of the operation of a computer


Presentation Transcript


  1. Polymorphism in Computer Viruses. CS265 Security Engineering Term Project. Puneet Mishra.

  2. Definitions
     • A computer virus is a program with malicious intent to cause abnormal disruption of the operation of a computer
     • Polymorphism: The occurrence of different forms, stages, or types in individual organisms or in organisms of the same species, independent of sexual variations

  3. Polymorphism: Scenario
     • Biological
     • Counter environmental threats
     • Computer Science
     • Absent
     • Good Software Engineering Practice
     • Design Flaws Propagated

  4. Polymorphic Virus
     • Avoid detection by pattern-matching scanners
     • Incorporate
     • Randomness and complexity via code obfuscation
     • Produces multiple functionally equivalent copies of itself

  5. History
     • First known example: Chameleon, 1991
     • First widespread effect: Tequila, 1991
     • Code transformation
     • Polymorphic Generators
     • Bulletin Boards
     • Examples
     • MtE by Dark Avenger

  6. Polymorphism Techniques and Virus Detection
     • Hide and Seek Game
     • Polymorphic Generators
     • OBJ files linked to virus

  7. Classification of Polymorphic Virus
     • Classification by Dr. Solomon
     • Level 1: Set of Encryp/Decryp
     • Level 2: One or several constant instructions
     • Level 3: Unused functions / instructions, e.g. NOP

  8. Classification of Polymorphic Virus
     • Level 4: Interchangeable instructions; instructions mixing
     • Level 5: 1 through 4 and changeable decryption algorithm, repeated encryption of virus code and partial encryption of the decryptor code
     • Level 6: Main code changeable

  9. Anti-Virus Software
     • Emulation
     • Sand-Boxing via Virtual Computer Environment

  10. Conclusion
     • Strong Threat
     • Next level: Metamorphic Viruses

  11. Thank You!
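
The following added example (not part of the original slides) shows, from the scanner's side, why the Level 3 junk insertion on slide 7 defeats the exact pattern matching mentioned on slide 4, and how a junk-tolerant signature match recovers detection. The marker bytes, sample buffers and function names are constructed for illustration, and each buffer is treated as a flat run of single-byte opcodes.

```python
"""Added illustration: exact vs. junk-tolerant signature scanning."""

NOP = 0x90  # x86 single-byte NOP, the junk instruction named on slide 7

# Constructed data: an arbitrary marker, not bytes from any real sample.
SIGNATURE = bytes.fromhex("a1b2c3d4e5f6")
PLAIN = b"\x00\x01" + SIGNATURE + b"\x02"                  # marker unchanged
PADDED = bytes.fromhex("0001a1b290c39090d4e590f602")       # same marker, NOP-padded
CLEAN = bytes.fromhex("0090a1b29003c3d4")                  # partial look-alike only


def exact_scan(buf: bytes, sig: bytes) -> int:
    """Classic pattern match: offset of the first exact hit, or -1."""
    return buf.find(sig)


def junk_tolerant_scan(buf: bytes, sig: bytes,
                       junk=frozenset({NOP}), max_gap: int = 4) -> int:
    """Match sig while skipping up to max_gap junk bytes between sig bytes.

    Assumption: sig itself contains no junk bytes. Real x86 needs a
    disassembler or emulator first, because 0x90 can also be an operand byte.
    """
    if not sig or any(b in junk for b in sig):
        raise ValueError("signature must be non-empty and junk-free")
    for start in range(len(buf)):
        if buf[start] != sig[0]:
            continue
        pos, matched = start + 1, 1
        while matched < len(sig):
            gap = 0
            # Skip a bounded run of junk so the scan cannot be stretched forever.
            while pos < len(buf) and buf[pos] in junk and gap < max_gap:
                pos += 1
                gap += 1
            if pos >= len(buf) or buf[pos] != sig[matched]:
                break
            pos += 1
            matched += 1
        if matched == len(sig):
            return start
    return -1


if __name__ == "__main__":
    for name, buf in (("plain", PLAIN), ("padded", PADDED), ("clean", CLEAN)):
        print(name, exact_scan(buf, SIGNATURE), junk_tolerant_scan(buf, SIGNATURE))
```

The bounded gap keeps false positives down; the emulation approach on slide 9 handles the higher levels, where the body is encrypted and no static byte pattern survives.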
