Metamorphic code


In computer virus terms, metamorphic code is code that can reprogram itself. Often, it does this by translating its own code into a temporary representation, editing that representation, and then writing itself back to normal code again.[1] The procedure is applied to the virus itself, so the metamorphic engine itself also undergoes changes. Some viruses use this when they are about to infect new files, with the result that the "children" never look like their "parents". Viruses that use this technique do so to avoid the pattern recognition of anti-virus software: the actual algorithm does not change, but everything else might.

While polymorphic viruses encrypt their functional code to avoid pattern recognition, such a virus still needs to decrypt the code, which is unmodified from infection to infection, in order to execute it. Metamorphic viruses change their code to an equivalent one (i.e. code doing essentially the same thing), so that a mutated virus never has the same executable code in memory (not even at runtime) as the original virus that constructed the mutation. This modification can be achieved using techniques such as inserting NOP instructions (brute force), swapping registers, changing flow control with jumps, or reordering independent instructions. Metamorphic code is usually more effective than polymorphic code. Unlike with polymorphic viruses, anti-virus products cannot simply use emulation techniques to defeat metamorphism, since metamorphic code may never reveal code that remains constant from infection to infection.
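From the detection side, the rewrites listed above are why byte-pattern signatures fail and why scanners normalize code before comparing it. The sketch below is an added example, not part of the original article: it works on a toy textual assembly listing, and the register subset, function names and sample listings are all constructed for illustration. It undoes NOP insertion, register swapping and jump-based reordering, but not reordering of independent instructions.

```python
import hashlib
import re

REG = re.compile(r"\b(e[abcd]x|e[sd]i)\b")  # toy 32-bit x86 register subset

def linearize(listing):
    """Follow unconditional jmps so instructions come out in execution order."""
    labels = {l[:-1]: i for i, l in enumerate(listing) if l.endswith(":")}
    out, pc, seen = [], 0, set()
    while pc < len(listing) and pc not in seen:
        seen.add(pc)
        line = listing[pc]
        if line.startswith("jmp "):
            pc = labels[line.split()[1]]
            continue
        if not line.endswith(":"):
            out.append(line)
        if line == "ret":
            break
        pc += 1
    return out

def is_filler(line):
    """NOPs and self-moves change the bytes but not the behaviour."""
    m = re.fullmatch(r"(mov|xchg) (\w+), (\w+)", line)
    return line == "nop" or bool(m and m.group(2) == m.group(3))

def normalize(listing):
    """Canonical form: execution order, no filler, registers renamed by first use."""
    names = {}
    rename = lambda m: names.setdefault(m.group(1), f"R{len(names)}")
    return [REG.sub(rename, l) for l in linearize(listing) if not is_filler(l)]

def fingerprint(lines):
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

# Constructed, harmless samples: VARIANT_B is VARIANT_A after the rewrites above.
VARIANT_A = ["mov eax, 5", "mov ebx, 7", "add eax, ebx", "shl eax, 2", "ret"]
VARIANT_B = ["nop", "mov edx, 5", "jmp part2",
             "part3:", "add edx, esi", "nop", "shl edx, 2", "ret",
             "part2:", "mov esi, 7", "mov esi, esi", "jmp part3"]
OTHER = ["mov eax, 5", "mov ebx, 7", "sub eax, ebx", "ret"]

if __name__ == "__main__":
    print("raw match:       ", fingerprint(VARIANT_A) == fingerprint(VARIANT_B))
    print("normalized match:", fingerprint(normalize(VARIANT_A)) == fingerprint(normalize(VARIANT_B)))
    print("canonical form:  ", normalize(VARIANT_B))
```

The two variants hash differently as written but identically after normalization, while a listing with a different algorithm still yields a different fingerprint.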

Metamorphic code can also mean that a virus is capable of infecting executables from two or more different operating systems (such as Windows and GNU/Linux) or even different computer architectures. Often, the virus does this by carrying several viruses within itself. The beginning of the virus is then coded so that it translates to correct machine code for all of the platforms on which it is supposed to execute.[2] It is possible, in theory, for a metamorphic virus to rewrite the temporary representation of itself into another set of instructions, intended for another computer architecture. If one were used, the API may also have to be changed in the leap to a new platform.

External links

  • [3] Hunting for Metamorphic

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Metamorphic (disambiguation) — The term Metamorphic can be associated with a number of meanings: Metamorphic rock: The term for rocks that have been transformed by extreme heat and pressure. Metamorphic Technique is a form of massage used in complementary and alternative… …   Wikipedia

  • Metamorphic — The term Metamorphic can be associated with a number of meanings:*Metamorphic rock: The term for rocks that have been transformed by extreme heat and pressure. *Metamorphic Technique is a form of massage used in complementary and alternative… …   Wikipedia

  • Polymorphic code — In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence. Most anti virus software and… …   Wikipedia

  • Oligomorphic code — An oligomorphic engine is generally used by a computer virus to generate a decryptor for itself in a way comparable to a simple polymorphic engine. It does this by randomly selecting each piece of the decryptor from several predefined… …   Wikipedia

  • Computer virus — Not to be confused with Malware. A computer virus is a computer program that can replicate itself[1] and spread from one computer to another. The term virus is also commonly but erroneously used to refer to other types of malware, including but… …   Wikipedia

  • Timeline of notable computer viruses and worms — This is a timeline of noteworthy computer viruses and worms.1970 1979Early 1970s* Creeper virus was detected on ARPANET infecting the Tenex operating system. Creeper gained access independently through a modem and copied itself to the remote… …   Wikipedia

  • Polymorphic engine — A polymorphic engine (sometimes called mutation engine or mutating engine) is a computer program that can be used to transform another program into a version that consists of different code with the same functionality. A typical polymorphic… …   Wikipedia

  • Strange loop — A strange loop arises when, by moving up or down through a hierarchical system, one finds oneself back where one started. Strange loops may involve self reference and paradox. The concept of a strange loop was proposed and extensively discussed… …   Wikipedia

  • Metamorphism (disambiguation) — Metamorphism, in geology, is the solid state recrystallisation of rocks under environmental forces. Metamorphism may also refer to: Metamorphism (Merzbow album) (2006) Metamorphism (computer science), the categorical dual of a hylomorphism… …   Wikipedia

  • ZMist — (also known as Zombie.Mistfall) is a metamorphic computer virus created by Russian virus writer known as Z0mbie. It was the first virus to use a technique known as code integration . In the words of Szor and Ferrie (see link below):This virus… …   Wikipedia
