30-05-2012, 01:29 PM
METAMORPHIC VIRUS ANALYSIS AND DETECTION
Metamorphic Viruses
The virus carries its source code with it and, when it finds a compiler installed on a machine, inserts garbage code into (or removes it from) its source code and re-compiles itself. This kind of virus is called a metamorphic virus.
The Metamorphic Virus
Metamorphic viruses transform their code as they propagate, thus avoiding detection by static signature-based virus scanners.
They also have the potential to produce malicious programs that are virtually undetectable by static analysis.
The main goal of metamorphism is to change the appearance of the virus while keeping its functionality.
They do not use a data area filled with string constants but have a single code body that carries data as code.
Metamorphic viruses usually avoid creating new generations that look very similar to their parents.
The Virus Evolution
A virus infects other files by modifying them and attaching itself to them, usually at the entry point.
A simple virus attaches an exact copy of itself to every infected file.
Such a virus is an easy case for antivirus scanners to detect.
Metamorphic Techniques
To avoid detection, metamorphic viruses use several different techniques to evolve their code into new generations that look completely different but have exactly the same functionality.
Garbage Code Insertion
Garbage code (or junk code) insertion is a simple technique. The idea behind it is to make the virus code look different so that no usable hexadecimal search string can be extracted. The inserted instructions are called garbage because they have no impact on the functionality of the code.
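The following is an added example, not part of the presentation, showing from the scanner's side why garbage insertion defeats an exact signature and how a normalization pass that strips semantically empty instructions restores the match. The instruction listings, the signature and the set of garbage patterns are all constructed for the demo.

```python
import re

# Constructed set of "do-nothing" instruction shapes a normalizer can drop.
# Real scanners use far larger tables; these are assumptions for the demo.
GARBAGE_PATTERNS = [
    re.compile(r"nop"),
    re.compile(r"mov (\w+), \1"),        # mov reg, reg (same register)
    re.compile(r"xchg (\w+), \1"),       # xchg reg, reg
    re.compile(r"(add|sub|or|xor) \w+, 0"),  # arithmetic with identity operand
]

def is_garbage(instr):
    """True if the instruction matches one of the known no-effect shapes."""
    return any(p.fullmatch(instr) for p in GARBAGE_PATTERNS)

def normalize(listing):
    """Drop garbage instructions and cancel adjacent push X / pop X pairs."""
    out = []
    for ins in listing:
        if is_garbage(ins):
            continue
        # "push ecx" immediately followed by "pop ecx" leaves state unchanged
        if out and ins.startswith("pop ") and out[-1] == "push " + ins[4:]:
            out.pop()
            continue
        out.append(ins)
    return out

def signature_matches(listing, signature):
    """Exact contiguous match of a signature (list of mnemonics) in a listing."""
    n = len(signature)
    return any(listing[i:i + n] == signature
               for i in range(len(listing) - n + 1))

# Constructed signature extracted from the parent generation.
SIGNATURE = ["mov eax, [ebp+8]", "xor eax, 0x5a", "call decrypt"]
PARENT_LISTING = list(SIGNATURE)

# Constructed child generation: same logic, garbage interleaved.
CHILD_LISTING = [
    "mov eax, [ebp+8]", "nop", "mov ebx, ebx", "push ecx", "pop ecx",
    "xor eax, 0x5a", "add edx, 0", "call decrypt",
]

if __name__ == "__main__":
    print("parent raw :", signature_matches(PARENT_LISTING, SIGNATURE))  # True
    print("child raw  :", signature_matches(CHILD_LISTING, SIGNATURE))   # False
    print("child norm :", signature_matches(normalize(CHILD_LISTING), SIGNATURE))  # True
```

The raw child generation misses the signature entirely, which is exactly the evasion the slide describes; the match only returns once the scanner normalizes away the junk.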