Polymorphic Viruses - Polymorphic viruses encrypt their own body.
- Self-encryption hides the static signature of the virus body from signature-based AV scanning: on disk only a small decryption routine and the encrypted body are visible.
- For a polymorphic virus to spread, it must first decrypt itself.
- To do this, the decryption routine momentarily takes control of the CPU when the infected program runs.
- After decrypting the body of the virus, the decryption routine transfers control to the decrypted viral body so the virus can spread.
- A polymorphic virus is significantly harder for anti-virus software to detect, because it generates a new decryption routine and a new key on each infection, so neither the decryptor nor the encrypted body keeps a constant byte pattern that a signature could match.
- Scanners counter this by emulating the decryptor in a virtual CPU until the body is decrypted and then scanning the decrypted memory, or by recognising the structure of the generated decryptors; polymorphism raises the cost of detection rather than defeating it.
- Polymorphic code changes its appearance using a code generator called a mutation engine; the best-known early example is the MtE (Mutation Engine), released by Dark Avenger in the early 1990s.
- The MtE uses a random number generator and a simple algorithm to produce a fresh decryption routine (different key, different instruction choices, junk instructions) and a freshly encrypted copy of the body every time it is called.
- The MtE was distributed as a linkable object module, so almost any existing virus could be made polymorphic by linking the engine in and adding a few assembly instructions that call it before the virus copies itself, so that every copy is written out in a newly encrypted form.
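A runnable model of the scheme described in these notes, added here as an illustration; it is not code from the original notes and has nothing to do with the real MtE. The "viral body" is an inert byte string, the "decryptor" is a program for a tiny made-up byte-wise VM rather than x86 code, and the names mutation_engine, infect, emulate, static_scan and emulating_scan are this example's own. It shows the mutation engine emitting a fresh key schedule, decryptor and junk padding on every infection, a static signature scan failing on every sample, and an emulating scan that runs the decryptor first and then matches the signature against the decrypted body.

```python
"""Toy model of a polymorphic virus, its mutation engine and an emulating scanner.

Constructed example, not real malware: the "viral body" is an inert byte string
and the decryptor is a program for a tiny byte-wise VM rather than x86 code.
"""
import random

# Inert stand-in for the viral body, and the 16-byte pattern a naive scanner matches.
VIRAL_BODY = b"constructed viral body: replicate, then run payload"
BODY_SIGNATURE = VIRAL_BODY[:16]

# VM instruction set: each instruction (opcode, key) is applied to every body byte.
NOP, XOR, ADD, SUB, ROL, ROR = "nop", "xor", "add", "sub", "rol", "ror"
OPCODES = [NOP, XOR, ADD, SUB, ROL, ROR]
INVERSE = {XOR: XOR, ADD: SUB, SUB: ADD, ROL: ROR}   # encryption op -> decryption op

def _rol(b, n):
    n %= 8
    return ((b << n) | (b >> (8 - n))) & 0xFF

def apply_op(op, key, data):
    """Apply one VM instruction to every byte of data and return the result."""
    fn = {
        NOP: lambda b: b,
        XOR: lambda b: b ^ key,
        ADD: lambda b: (b + key) & 0xFF,
        SUB: lambda b: (b - key) & 0xFF,
        ROL: lambda b: _rol(b, key),
        ROR: lambda b: _rol(b, 8 - key % 8),
    }[op]
    return bytes(fn(b) for b in data)

def _random_op(rng):
    # Keys are chosen so that no single op is the identity (ROL by a multiple of 8 would be).
    op = rng.choice([XOR, ADD, SUB, ROL])
    key = rng.randrange(1, 8) if op == ROL else rng.randrange(1, 256)
    return op, key

def mutation_engine(body, rng):
    """Encrypt body under a fresh random key schedule and emit a matching decryptor.

    Returns (decryptor, encrypted_body). The decryptor is the inverse instruction
    sequence, padded with junk NOPs so that its layout also varies per infection.
    """
    while True:
        enc_ops = [_random_op(rng) for _ in range(rng.randint(1, 3))]
        encrypted = body
        for op, key in enc_ops:
            encrypted = apply_op(op, key, encrypted)
        if encrypted != body:      # reject a degenerate schedule that leaves the body in clear
            break
    decryptor = []
    for op, key in reversed(enc_ops):
        for _ in range(rng.randint(0, 2)):
            decryptor.append((NOP, rng.randrange(256)))   # junk instruction, varies the layout
        decryptor.append((INVERSE[op], key))
    return decryptor, encrypted

def infect(body, rng):
    """Produce one infected sample: instruction count, serialized decryptor, encrypted body."""
    decryptor, encrypted = mutation_engine(body, rng)
    code = b"".join(bytes([OPCODES.index(op), key]) for op, key in decryptor)
    return bytes([len(decryptor)]) + code + encrypted

def make_samples(body, count, seed=None):
    """Infect `count` times with one seeded RNG and return the list of samples."""
    rng = random.Random(seed)
    return [infect(body, rng) for _ in range(count)]

def emulate(sample):
    """Run the sample's decryptor in the VM, as an AV emulator would, and return the decrypted body."""
    n = sample[0]
    body = sample[1 + 2 * n:]
    for i in range(n):
        op, key = OPCODES[sample[1 + 2 * i]], sample[2 + 2 * i]
        body = apply_op(op, key, body)
    return body

def static_scan(sample):
    """Naive signature scan over the raw bytes: defeated by the encryption."""
    return BODY_SIGNATURE in sample

def emulating_scan(sample):
    """Let the decryptor run first, then match the signature against the decrypted body."""
    return BODY_SIGNATURE in emulate(sample)

if __name__ == "__main__":
    for s in make_samples(VIRAL_BODY, 3):
        print(s[:12].hex(), "static:", static_scan(s), "emulated:", emulating_scan(s))
```

Each run of make_samples yields samples whose leading bytes (the decryptor) and whose encrypted body both differ, which is why no fixed byte string matches them; the emulating scanner ignores that variation entirely by executing the decryptor and inspecting what it leaves behind, which is the counter-technique the notes allude to.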