One of the most important requirements of malicious code analysis is an understanding of advanced code evolution techniques. There are common techniques used by malicious code developers to evade detection and removal:
Common Techniques:
1. Self-Encryption and Self-Decryption
Malicious code may encrypt the virus body, sometimes using several layers of encryption and decryption and/or random keys (oligomorphic viruses). This makes the code harder to examine directly.
2. Binders and Packers
Most virus signature files are built from a checksum value computed over file properties and the first few bytes of the malicious binary. The binders technique binds the virus or malicious code file onto another file, which changes its form. The packers technique compresses the virus code before it is embedded.
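Both encrypted bodies and packed payloads share one observable property a defender can measure without unpacking anything: the bytes look close to random. The following is an added example, not code from the original post, showing the sliding-window Shannon entropy check analysts use to triage a file for packed or encrypted regions. The sample buffer is constructed inline from repetitive text followed by seeded pseudo-random bytes standing in for a packed payload; the 7.0 bits/byte threshold is an assumed, commonly used cut-off, not a value from the post.

```python
import math
import random


def build_sample() -> bytes:
    """Constructed test input: a predictable 'code/text' region followed by a
    high-entropy region that stands in for a packed or encrypted payload.
    The payload comes from a seeded PRNG so the run is reproducible; it is a
    placeholder, not real malware."""
    plain = (b"MZ header and ordinary program text, repeated so the bytes "
             b"are predictable. ") * 40          # 3040 low-entropy bytes
    rng = random.Random(1234)
    packed = bytes(rng.getrandbits(8) for _ in range(4096))
    return plain + packed


def shannon_entropy(window: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not window:
        return 0.0
    counts = [0] * 256
    for b in window:
        counts[b] += 1
    total = len(window)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def entropy_profile(data: bytes, window: int = 1024, step: int = 512):
    """Entropy of each window, returned as [(offset, entropy), ...]."""
    last_start = max(1, len(data) - window + 1)
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, last_start, step)]


def flag_high_entropy(data: bytes, threshold: float = 7.0,
                      window: int = 1024, step: int = 512):
    """Offsets whose window looks compressed or encrypted (assumed threshold)."""
    return [off for off, h in entropy_profile(data, window, step)
            if h >= threshold]


if __name__ == "__main__":
    sample = build_sample()
    for off, h in entropy_profile(sample):
        print(f"offset {off:5d}: {h:.2f} bits/byte")
    print("suspect windows:", flag_high_entropy(sample))
```

Windows that straddle the boundary between the text and the payload land in between the two extremes, which is why a real triage tool reports the profile rather than a single verdict: a sharp jump to near 8 bits/byte part-way through a section is the signal, and a legitimately compressed resource (an embedded image or archive) produces the same jump, so the check is a prompt to look closer, not a detection on its own.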
3. Polymorphism
Malicious code can change its encryption settings as well as the decryption code each time it self-encrypts. This makes it much more difficult to detect.
4. Metamorphic Viruses
These have no decryptor or constant virus body, yet they are able to create new generations that look different. The malicious code changes its form by, for instance, rearranging its code fragments and/or adding useless lines of code to its source, then recompiling itself into a new form.
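Polymorphism and metamorphism both defeat the checksum-style signature described above for the same reason: a whole-file hash changes when any byte changes, while the code's skeleton does not. The following added example (not code from the original post) contrasts a hash signature with a YARA-style hex pattern that tolerates padding and wildcard bytes. The two "generations" are constructed placeholder byte strings built from an ordinary function prologue and epilogue, not real malware; the pattern syntax (`??` for any byte, `[n-m]` for a variable-length gap) follows YARA hex strings, but the small compiler here is an assumption written for this example.

```python
import hashlib
import re

# Constructed placeholders for two generations of one routine (not real
# malware): generation B carries one extra no-op byte and a different 32-bit
# constant, so its checksum differs while its structure does not.
GENERATION_A = bytes.fromhex("558bec9033c0b8112233445fc3")
GENERATION_B = bytes.fromhex("558bec909033c0b8aabbccdd5fc3")
UNRELATED = bytes.fromhex("4889e5b8010000005dc3")   # a different, benign prologue


def checksum_signature(sample: bytes) -> str:
    """Whole-file hash: the 'checksum' style of signature the text describes."""
    return hashlib.sha256(sample).hexdigest()


def compile_hex_pattern(pattern: str) -> re.Pattern:
    """Translate a YARA-style hex string into a regex over bytes.
    Tokens: 'ab' literal byte, '??' any single byte, '[n-m]' n..m arbitrary bytes."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")
        elif tok.startswith("[") and tok.endswith("]"):
            lo, hi = tok[1:-1].split("-")
            parts.append(b".{%d,%d}" % (int(lo), int(hi)))
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)   # DOTALL so '.' also matches 0x0a


# Fixed skeleton, tolerant of 0-4 inserted bytes and of any 4-byte constant.
SKELETON = compile_hex_pattern("55 8b ec [0-4] 33 c0 b8 ?? ?? ?? ?? 5f c3")


def matches_skeleton(sample: bytes, pat: re.Pattern = SKELETON) -> bool:
    return pat.search(sample) is not None


def compare_signatures(reference: bytes, candidates: dict):
    """For each candidate, report (checksum of `reference` still matches?,
    structural pattern matches?)."""
    ref_hash = checksum_signature(reference)
    return {name: (checksum_signature(s) == ref_hash, matches_skeleton(s))
            for name, s in candidates.items()}


if __name__ == "__main__":
    report = compare_signatures(GENERATION_A, {
        "generation A": GENERATION_A,
        "generation B": GENERATION_B,
        "unrelated": UNRELATED,
    })
    for name, (by_hash, by_pattern) in report.items():
        print(f"{name:13s} checksum hit={by_hash!s:5s} pattern hit={by_pattern}")
```

The trade-off is the usual one in detection engineering: the hash has no false positives but misses every new generation, while the structural pattern survives padding and constant changes at the cost of needing an analyst to choose which bytes are invariant. A metamorphic engine that also reorders fragments pushes this further, toward behavioural or emulation-based detection rather than byte patterns.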
5. Stealth
This technique evades anti-virus detection by hiding the code itself.
Let's talk about virus infection techniques in a future post.