Polymorphic code

Pattern matching cannot, however, find a program that constantly mutates so that it never looks the same. This is the basic idea of polymorphic code.
 
Most often, a virus or worm that tries to hide its presence does so by encrypting itself. Before it can execute on the target machine, however, it must first decrypt itself, so some part of the code, the decryption routine, has to be delivered unencrypted. Anti-virus software or an intrusion detection system that cannot detect the encrypted body can therefore still detect the decryption engine.
 
If, however, the decryption engine is rewritten each time the code is copied to a new computer (in the case of a worm or shellcode) or into a new file (in the case of a virus), it becomes much harder for security software to detect the presence of the malicious program. This only protects the code at rest: once the malicious code has begun executing and has decrypted its body, security software that pattern-matches memory will still find the signature of the decrypted body.
 
== Example ==
 
An algorithm that uses, say, the variables A and B but never reads the variable C behaves exactly the same no matter how much extra code that only writes to C is inserted into it. Such instructions are junk as far as the algorithm is concerned, but they change what the code looks like, and so what a signature scanner sees:
 Encrypted:
     ...
     lots of encrypted code...
     ...
 Decryption_Code:
     ...
 CryptoKey:
     some_random_number
 
Once it has been decrypted, the code inside Encrypted can scan the region between Decryption_Code and CryptoKey and strip every instruction that alters the variable C. Before the next copy is produced, the engine can insert fresh junk instructions that alter C at new positions, or even replace instructions of the decryption loop with different instructions that have the same effect (for example, a NOT followed by an XOR with a complemented key in place of a single XOR with the key). Each copy then carries a decryptor of a different length and byte pattern while still decrypting the same body.
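As an added illustration (not part of the article), the toy engine below models the mechanism described above in Python: a tiny register VM with registers A, B and C, a body XOR-encrypted under a random key, and a decryptor that is regenerated for every copy with random junk instructions on C and an equivalent substitution for the XOR step. A naive signature scanner is then run over each copy before and after the decryptor executes. The instruction set, the payload bytes, the scanner signatures and all helper names are constructed for this example; nothing here is a real malware sample.

```python
# Toy polymorphic engine on a tiny register VM (constructed example, not real malware).
# Registers A (pointer) and B (data) do the work; C is scratch, so code touching only C is junk.
import random

PAYLOAD = b"PAYLOAD: print('hello from the decrypted body')"  # constructed "virus body"
PAYLOAD_SIGNATURE = b"decrypted body"                          # what a scanner looks for
JUNK_OPS = ("SET_C", "ADD_C", "XOR_C", "MUL_C")


def encrypt(body, key):
    """XOR every byte with a single-byte key; the decryptor reverses this."""
    return bytes(b ^ key for b in body)


def make_decryptor(key, start, end, rng):
    """Emit a decryptor for mem[start:end] that looks different on every call:
    junk altering only C goes in at random positions, and the XOR step is
    sometimes replaced by an equivalent pair (NOT B, then XOR with key ^ 0xFF)."""
    if rng.random() < 0.5:
        decrypt_step = [("XOR_B", key)]
    else:
        decrypt_step = [("NOT_B",), ("XOR_B", key ^ 0xFF)]
    program = ([("SET_A", start), ("LABEL", "loop"), ("LOAD_B",)] + decrypt_step
               + [("STORE_B",), ("INC_A",), ("JNE_A", end, "loop"), ("HALT",)])
    for _ in range(rng.randint(2, 6)):
        junk = (rng.choice(JUNK_OPS), rng.randint(0, 255))
        program.insert(rng.randint(0, len(program) - 1), junk)  # never after HALT
    return program


def run(program, mem):
    """Interpret a VM program over the bytearray mem (decrypted in place)."""
    labels = {ins[1]: i for i, ins in enumerate(program) if ins[0] == "LABEL"}
    a = b = c = pc = 0
    while True:
        op, *args = program[pc]
        pc += 1
        if op == "HALT":
            return {"A": a, "B": b, "C": c}
        elif op == "SET_A":
            a = args[0]
        elif op == "LOAD_B":
            b = mem[a]
        elif op == "STORE_B":
            mem[a] = b
        elif op == "INC_A":
            a += 1
        elif op == "XOR_B":
            b ^= args[0]
        elif op == "NOT_B":
            b = ~b & 0xFF
        elif op == "JNE_A" and a != args[0]:
            pc = labels[args[1]]
        elif op in JUNK_OPS:  # only C changes; A, B and memory are untouched
            c = {"SET_C": args[0], "ADD_C": c + args[0],
                 "XOR_C": c ^ args[0], "MUL_C": c * args[0]}[op] & 0xFF
        elif op not in ("LABEL", "JNE_A"):  # labels and a fallen-through JNE are no-ops
            raise ValueError("unknown op %r" % op)


def infect(seed):
    """One generation: fresh key, fresh decryptor, encrypted body in memory."""
    rng = random.Random(seed)
    key = rng.randint(1, 255)  # key 0 would leave the body in the clear
    mem = bytearray(encrypt(PAYLOAD, key))
    return make_decryptor(key, 0, len(mem), rng), mem


def serialize(program):
    """Flatten a decryptor to bytes, the way a scanner sees it on disk."""
    return b"|".join(" ".join(map(str, ins)).encode() for ins in program)


def signature_hits(signature, blob):
    """Naive pattern scanner: does the signature occur anywhere in the blob?"""
    return signature in bytes(blob)


def generation_report(seed):
    """Scan one generation before and after its decryptor has executed."""
    program, mem = infect(seed)
    hit_before = signature_hits(PAYLOAD_SIGNATURE, mem)  # body still encrypted
    run(program, mem)
    return {"decryptor": serialize(program), "hit_before": hit_before,
            "hit_after": signature_hits(PAYLOAD_SIGNATURE, mem),  # body now in clear
            "body_ok": bytes(mem) == PAYLOAD}


def distinct_decryptors(n):
    """Number of different decryptor byte patterns among n generations."""
    return len({serialize(infect(seed)[0]) for seed in range(n)})


if __name__ == "__main__":
    gen0_sig = generation_report(0)["decryptor"]  # a signature taken from generation 0
    for seed in range(5):
        r = generation_report(seed)
        print(seed, r["hit_before"], r["hit_after"], r["body_ok"],
              "gen-0 decryptor seen:", signature_hits(gen0_sig, r["decryptor"]))
    print("distinct decryptors in 20 generations:", distinct_decryptors(20))
```

Running the block prints, for a few generations, whether the body signature matches before and after the decryptor has executed and whether the decryptor pattern of generation 0 is seen again. The body signature never matches the encrypted copy and always matches once the decryptor has run, which is exactly the window a memory scanner relies on, while the decryptor itself differs from copy to copy because the junk on C and the XOR substitution change its length and byte pattern without changing its effect.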
 
== See also ==
* [[Metamorphic code]]
* [[Self-modifying code]]
* [[Alphanumeric code]]
* [[Shellcode]]
* [[Software cracking]]
* [[Security cracking]]