Metamorphic Viruses (the most dangerous virus for now)

Comparison between Metamorphic Viruses & Polymorphic Viruses (once the most deadly threat)

The most deadly of mallware for now! (:AGY)

Metamorphic Viruses can reprogram itself. Often, it does this by translating its own code into a temporary representation, edit the temporary representation of itself, and then write itself back to normal code again. This procedure is done with the virus itself, and thus also the metamorphic engine itself undergoes changes. This is used by some viruses when they are about to infect new files, and the result is that the “children” will never look like their parents. The computer viruses that use this technique do this in order to avoid the pattern recognition of anti-virus software: the actual algorithm does not change, but everything else might.
Metamorphic code is more effective than polymorphic code. This is because most anti-virus software will try to search for known virus-code even during the execution of the code. Whether Heuretics & proactive defense & behavioral analysis can effectively stop these next generation of mallware, that remains to be seen.

There may be a chance that even HIPS cannot stop metamorphic viruses.To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14000 lines of Assembly language code, 90% of it is part of the metamorphic engine.[4]

A metamorphic virus thwarts detection bys ignature-based (static) AV technologies by morphing its
code as it propagates. The virus can also thwart detection by emulation-based (dynamic) technologies.

Polymorphic virus are viruses that changes its virus signature (i.e., its binary pattern) every time it replicates and infects a new file in order to keep from being detected by an antivirus program.
What is a polymorphic virus?

A polymorphic virus is one that produces varied but operational copies of itself. This strategy assumes that virus scanners will not be able to detect all instances of the virus. One method of evading scan-string driven virus detectors is self-encryption with a variable key.

More sophisticated polymorphic viruses (e.g., V2P6) vary the sequences of instructions in their variants by interspersing the decryption instructions with “noise” instructions (e.g., a No Operation instruction, or an instruction to load a currently unused register with an arbitrary value), by interchanging mutually independent instructions, or even by using various instruction sequences with identical net effects (e.g., Subtract A from A, and Move 0 to A). A simple-minded, scan-string based virus scanner would not be able to reliably identify all variants of this sort of virus; in this case, a sophisticated scanning engine has to be constructed after thorough research into the particular virus.

One of the most sophisticated forms of polymorphism used so far is the Mutation Engine (MtE), which comes in the form of an object module. With the Mutation Engine, any virus can be made polymorphic by adding certain calls to its assembler source code and linking to the mutation-engine and random-number generator modules.

The advent of polymorphic viruses has rendered virus scanning an increasingly difficult and expensive endeavor; adding more and more search strings to simple scanners will not adequately deal with these viruses.

It is known that polymorphic viruses were once the most difficult viruses to detect,the best AV app can detect max.30% of unknown polymorphic viruses!!!.
AV Comparatives used only 12 known polymorphic viruses and many AVs already had the problems with them.

How about METAMORPHIC VIRUSES which are even more powerful??? (:SHY)
Note: I accidentaly encountered one of these viruses, it crippled my previous nod32 v2.7 & destroyed it!!!. Heuretics & selfdefense or proactive defense can do little against it. I had to reformat my harddisk, Good thing I have DVD backup of my files…

poly or meta… they couldn’t penetrate v3 of our firewall (plus CMG).

Melih

That is good to know!! Hope they dont for all of our sakes. :BNC It seems Anti Virus companies are always a few steps behind mallware makers. (Classic cat and mouse game). (:WIN)

well the very nature of of the way AV works… it can only detect after the fact…It can’t prevent against new viruses…

go to www.virustotal.com and look at the statistics to see how many viruses yesterday went without being detected! (don’t get shocked with the number though :slight_smile: )

Melih

(:KWL)

Thanks for the info. Guess that the way it will always gonna be.

Prevention must always come first then disinfection I think :SMLR . Sad thing is there is no foolproof way to prevent new threats always. (:SAD). I found that out the HARD way. (:SAD)

Virustotal has an ultimate combination of 20 antivirus scanners, but even 20 antivirus cannot stop all unknown threats, so what could even one scanner do by the way!!! (:SAD)

you will be hard pushed to find a malware that can get thru CFP v3 + CMG combination…

Melih

I really hope that is true… If i know better, these losers would create an even superior viruses than metamorphic ones, so like it will always be " The Cats will not catch all the mice". Some of the mice will get through eventually. (:SAD)

I Wish people would stop making these useless things but instead contribute to society. What do they really get when they damage someone computer ??? :-. What do they get anyway, The satisfaction that they are intellectually superior??? or just thrill of it??. (:SAD). If you ask me, they are cyber terrorists. (:AGY)

But thumbs up for Comodo for finding a way to beat this new threat (B) (R) (S)

Unfortunately nowadays malware is no longer about troublemakers creating mayhem for personal amusement,these days it’s about BIG business.I read somewhere that the market in malware worldwide is now greater than the illegal drugs industry.Whether or not that is true the fact is that there are people out there earning vast sums of money out of s**mware. (:SAD)

yup… its a big industry now…
taking over your machine, using your machine to send spam… taking over your machine to attack others, taking over your machine to extract your personal details (like bank accounts etc)…

“You are now one valuable Internet Netizen and baddies love you!”

Melih

Who do you think is making these new mallware? A paradox, if all av vendors get too smart, they may make themselves extinct!!! :THNK

Until there’s such a thing as flawless code there will always be new forms of malware so the fine folk at Comodo will be needed for a long time to come.

By the sheer volume and complexity of much of the new malware it’s clearly a well organised business,more than likely from a combination of organised crime groups and unscrupulous vendors of dodgy ‘security’ applications.Cyber criminals sometimes organise a botnet of infected pcs to bring down a commercial site using a denial of service type attack.They then blackmail the company into paying a ransom to prevent this happening,a sort of 21st century protection racket earning the perpetrators a lot of money.

Well the thing with these viruses, hackers really have to be so determined to make these sorts of viruses. Besides even if you did get infected by one of these viruses, theres always the best antivirus around.

Webroot window washer with bleach.

Then windows cd.

Then clean HD.

Then install windows.

O.o its windows antivirus!

Metamorphic Viruses (the most dangerous virus for now)!!!

I know this isnt a good question…

Where Can I download or get this Virus? I want it …lol

seriouslly

you’re not alone with this :-))) please PM me if someone has a link to download that mysterious polymorphic virus :-)))

(:CLP) I"m glad I"m not alone…

want some poly/metamorphic virus? it’s FLU ;D
long time ago, we only know flu. now we have BIRD FLU or some ppl call it AVIAN FLU ;D

It’s all because windows itself is a virus…it’s purpose is to absorb all other viruses it meets :slight_smile:

so true lol…and thats why linux is going to be the most popular lol

Yeah… and vulnerability and popularity are proportional. look the example of firefox and ie. Back then when ff was not so popular it was considered much much safer than ie. But now, every week they find a bunch of vulnerability in ff as well as in ie. The reason ff is still safer, imho, is that it doesn’t uses activex, vulnerabilities are patched much faster, and there are some really great utilities such as noscript to boost its security.

My point is, that these days only a few hundred linux viruses exists, mostly targetting servers. But if linux becomes as or even more popular than windows, the number of viruses written for linux will grow exponentially.

that’s true. but hey, linux is more secure by design, and always will be, until Windows changes it’s approach in counting every user a moron :-))))