Advanced Polymorphic Techniques

Viruses nowadays use polymorphic techniques to mutate their code on each replication, thereby evading signature-based detection by antivirus products. However, detection by emulation can defeat simple polymorphism, since the body recovered after decryption is constant: metamorphic techniques are therefore used which thoroughly rewrite the viral code itself, so that it differs from one generation to the next even after decryption. We briefly trace this evolution of viral self-protection techniques against detection and then study the METAPHOR virus, today's most advanced metamorphic virus.
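As an added illustration (it is not code from this paper nor from the METAPHOR engine it studies), the following toy model contrasts the two approaches on a constructed body for a four-register machine. The polymorphic variant keeps the body constant and changes only the encryption key, so a scanner that lets the decryptor run under emulation recovers the original bytes and a signature taken from the body still matches. The metamorphic variant rewrites the instructions themselves (constant splitting, mov/xor and add/inc substitution, junk insertion), so the same byte signature never matches although every generation computes the same register state. The instruction set, the body, the signature and the rewriting rules are all assumptions made for the example.

```python
"""Toy model of polymorphism vs. metamorphism on a four-register machine.
Added example: it models no real virus or engine; the instruction set, body,
signature and rewriting rules are constructed for illustration only."""
import random

MASK = 0xFFFFFFFF

# Constructed "viral body": (op, dst, src) tuples; src is a register or an immediate.
BODY = [
    ("mov", "r0", 5),
    ("mov", "r1", 3),
    ("add", "r0", "r1"),   # r0 = 8
    ("mov", "r1", 0),      # r1 = 0
    ("add", "r0", 1),      # r0 = 9
    ("sub", "r2", "r1"),   # r2 = 0
]


def run(code):
    """Interpret the toy code and return the final register state."""
    regs = {"r0": 0, "r1": 0, "r2": 0, "r3": 0}
    for op, dst, src in code:
        val = regs[src] if isinstance(src, str) else src
        if op == "mov":
            regs[dst] = val & MASK
        elif op == "add":
            regs[dst] = (regs[dst] + val) & MASK
        elif op == "sub":
            regs[dst] = (regs[dst] - val) & MASK
        elif op == "xor":
            regs[dst] = (regs[dst] ^ val) & MASK
        elif op == "inc":
            regs[dst] = (regs[dst] + 1) & MASK
        elif op == "nop":
            pass
        else:
            raise ValueError(f"unknown op {op}")
    return regs


def serialize(code):
    """Byte image of the code: what a scanner sees on disk or in memory."""
    return "\n".join(f"{op} {dst},{src}" for op, dst, src in code).encode()


# Constructed signature: three consecutive instructions of the plaintext body.
SIGNATURE = serialize(BODY[2:5])


def signature_hit(image):
    return SIGNATURE in image


# Polymorphism: the body is constant; only the key (and, in a real engine,
# the decryptor stub) changes between replications.
def poly_generate(body, key):
    return bytes(b ^ key for b in serialize(body))


def poly_emulate(key, ciphertext):
    """What an emulator obtains once the decryptor has run."""
    return bytes(b ^ key for b in ciphertext)


def poly_detect(key, ciphertext):
    """(static scan hit, emulated scan hit) for a polymorphic sample."""
    return signature_hit(ciphertext), signature_hit(poly_emulate(key, ciphertext))


# Metamorphism: rewrite the body into equivalent but textually different code.
def meta_generate(body, seed):
    rng = random.Random(seed)
    out = []
    for op, dst, src in body:
        if op == "mov" and src == 0:
            out.append(("xor", dst, dst))                 # mov r,0  ->  xor r,r
        elif op == "add" and src == 1:
            out.append(("inc", dst, 0))                   # add r,1  ->  inc r
        elif op == "mov" and isinstance(src, int) and src > 1:
            choice = rng.randrange(3)
            if choice == 0:
                out.append((op, dst, src))                # keep as is
            elif choice == 1:
                d = rng.randrange(1, src)                 # mov r,k  ->  mov r,k-d ; add r,d
                out.append(("mov", dst, src - d))
                out.append(("add", dst, d))
            else:
                out.append(("xor", dst, dst))             # mov r,k  ->  xor r,r ; add r,k
                out.append(("add", dst, src))
        else:
            out.append((op, dst, src))
        if rng.random() < 0.3:
            out.append(("nop", "r3", 0))                  # junk insertion
    return out


def meta_detect(code):
    """Signature scan of a metamorphic body, which is already plaintext."""
    return signature_hit(serialize(code))


if __name__ == "__main__":
    ct = poly_generate(BODY, 0x5A)
    print("polymorphic (static hit, emulated hit):", poly_detect(0x5A, ct))
    for seed in range(3):
        gen = meta_generate(BODY, seed)
        print(f"metamorphic gen {seed}: hit={meta_detect(gen)} "
              f"same_result={run(gen) == run(BODY)} length={len(gen)}")
```

The polymorphic sample is missed by a static scan and caught once emulated, because emulation strips the only thing that varied. The metamorphic generations all evade the byte signature yet all yield the same register state, which is why detection of metamorphic code has to move from matching bytes to matching behaviour or a normalised form of the code.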
