Guide to Encrypted Viruses and the damage they can cause


A Guide to Encrypted Viruses


The basic foundation of encrypted viruses and their operation

Polymorphism and encryption are often confused, but they are distinct processes. How much damage an encrypted virus can inflict on a given system depends on how far the escalation goes. Programmers write the code in such a way that it cannot easily be read, which means you may not even notice that your product is under attack. Programs meant to detect Trojans could not produce concrete proof of such an attack. One of them, CHK4BOMB, was written by Andy Hopkins in 1984; it alerted the user to formatting operations and direct disk writes. Unfortunately, encrypted viruses found a way around it.

The mechanisms that make encrypted viruses successful

It is very difficult to resolve a computer problem if you are not even aware of its existence, and that is the power of encryption. There is a dilemma, however: encrypted code cannot be executed. The virus must therefore include a component that decrypts the code at strategic points, and in most cases this decryptor is the only part of the file that is not hidden. If you can find a way of targeting it, the rest of the malware is rendered useless. Many protective programs use this technique.

The techniques used by encrypted viruses

At the most basic level the transformation is a combination of incrementing and decrementing. Alternatively, each byte of the code may be rotated. Some bytes may be negated, and others inverted with a logical NOT. None of these operations requires a key. The code can also be altered by adding, subtracting or XORing. If a key is used, there are three types to choose from. A static key does not change while the viral element is in operation: for example, the virus might add 128 to each byte, rotate each byte three places in either direction, or XOR each word with 0F8F8h.

The hidden challenges of working against encrypted viruses

Both the static methods and those that keep changing the key produce predictable results. When the virus replicates, the original keys remain known to the programmer, who can therefore keep an eye on how the infection is progressing. The antivirus industry then targets all such variants with similar strategies, on the assumption that one point of resistance will work across both the parent and the child versions of the malware.
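The following is an added example, not code from the original article. It implements the byte transformations described above (add a constant, rotate each byte, XOR each word with 0F8F8h) and then shows the defender's point from the earlier section: the decryptor has to stay in plaintext to run, so a signature on it finds every copy whether the body key is static or varies per copy. STUB, build_sample, find_stub and recover_body are constructed names for this demonstration, not real signatures.

```python
import struct

# Constructed decryptor stub: stands in for the plaintext code that unpacks the
# body. It is NOT a real virus signature, just a marker for this demonstration.
STUB = b"DECRYPTOR-STUB:"

def add_bytes(data: bytes, k: int) -> bytes:
    """Add k to every byte modulo 256; add_bytes(x, -k) undoes it."""
    return bytes((b + k) & 0xFF for b in data)

def rotate_bytes(data: bytes, n: int) -> bytes:
    """Rotate every byte left by n bit positions (negative n rotates right)."""
    n %= 8
    return bytes(((b << n) | (b >> (8 - n))) & 0xFF for b in data)

def xor_words(data: bytes, key: int) -> bytes:
    """XOR each little-endian 16-bit word with key; a trailing odd byte gets
    the low key byte. XOR is its own inverse, so decoding is the same call."""
    out = bytearray(data)
    for i in range(0, len(data) - 1, 2):
        struct.pack_into("<H", out, i, struct.unpack_from("<H", data, i)[0] ^ key)
    if len(data) % 2:
        out[-1] ^= key & 0xFF
    return bytes(out)

def build_sample(body: bytes, key: int) -> bytes:
    """Constructed 'infected file': plaintext stub followed by the XOR-encoded body."""
    return STUB + xor_words(body, key)

def find_stub(sample: bytes) -> int:
    """Defender's view: the stub must stay readable to execute, so a signature
    on it finds every copy regardless of the body key. Returns offset or -1."""
    return sample.find(STUB)

def recover_body(sample: bytes, key: int) -> bytes:
    """What the stub itself does at run time: decode the body with its key."""
    off = find_stub(sample)
    return xor_words(sample[off + len(STUB):], key) if off >= 0 else b""

if __name__ == "__main__":
    body = b"constructed payload bytes"
    a = build_sample(body, 0xF8F8)   # the static key quoted in the text
    b = build_sample(body, 0x1234)   # a different key, as a key-changing strain would use
    # Bodies differ, but the stub is found at the same offset in both copies.
    print(a[len(STUB):] != b[len(STUB):], find_stub(a), find_stub(b))
```

With a static key the encoded body is also identical across copies, so it can be matched directly; with a changing key only the stub remains invariant.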
