Author Topic: What happened to metamorphic viruses?  (Read 3371 times)

Offline q4knowledge

  • Newbie
  • *
  • Posts: 5
What happened to metamorphic viruses?
« on: May 23, 2012, 06:33:23 PM »
Do virus writers still attempt to make metamorphic or polymorphic code or have antiviruses over come this?

Out of curiosity, why are all metamorphic and polymorphic viruses file-infectors? Wouldn't it be a lot simpler to make a standalone program (worm) that rewrites itself? Furthermore for a file-infector  to work it needs to know whether it has infected a file before, which would be difficult.

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1994
Re: What happened to metamorphic viruses?
« Reply #1 on: May 25, 2012, 10:41:02 PM »
Quote
Do virus writers still attempt to make metamorphic or polymorphic code
Well yeah, Polymorphic would be easier to write.   Reason: if the goal is for going undetected (like hiding from a traditional av scanner: basically blacklist detecting) why make it more complex then needed.  I won't get into the specifics as this isn't a malware programming forum >:-D

Quote
have antiviruses over come this?
Depending on the AV, but to keep it as simple as possible.  Yes to some degree.

Quote
file-infector  to work it needs to know whether it has infected a file before
It all depends on how its coded.  example just infecting executable files or a specific ones like .bat files in a certian and/or all folders   :o

Quote
Wouldn't it be a lot simpler to make a standalone program (worm) that rewrites itself?
Of course


It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline q4knowledge

  • Newbie
  • *
  • Posts: 5
Re: What happened to metamorphic viruses?
« Reply #2 on: May 30, 2012, 03:33:25 PM »
Reason: if the goal is for going undetected (like hiding from a traditional av scanner: basically blacklist detecting) why make it more complex then needed.  I won't get into the specifics as this isn't a malware programming forum

What is?

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 18687
Re: What happened to metamorphic viruses?
« Reply #3 on: June 02, 2012, 04:23:50 PM »
What is?
Most certainly not this forum.

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek