Vulnerability Development mailing list archives
Re: Why not a changeling?
From: 11a () GMX NET (Bluefish)
Date: Sun, 21 May 2000 00:52:39 +0200
Hmmmm..
1. Morphing scriptviruses has been discussed in Bugtraq after the
melisa problems IIRC. A semi-working morphing engine for VBA was
developed and tested.
2. Morphing executable has been known for ages.
In case 2, the code can be written so that it will be somewhat close to
what some "legal" software does. Therefor, new virusscanners often rely on
decoding the virus and then checking the contest of the encrypted
software.
Case 1 is less researched as there is no (AFAIK) morphing script virus in
the wild. But if my memory is correct, an engine has been published in
bugtraq. (don't kill me if I'm wrong, not entirely certain)
..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
Current thread:
- Re: reverse engineer c or java, (continued)
- Re: reverse engineer c or java Bluefish (May 23)
- Re: reverse engineer c or java Mark Rafn (May 20)
- Re: reverse engineer c or java Pedro Hugo (May 20)
- Re: reverse engineer c or java phazer (May 20)
- Re: reverse engineer c or java Warner Losh (May 21)
- Re: reverse engineer c or java Liviu Daia (May 22)
- String checking with PHP Arturo Busleiman (May 24)
- Re: String checking with PHP Joe (May 24)
- Re: String checking with PHP Arturo Busleiman (May 24)
- Why not a changeling? Daniel Petzen (May 20)
- Re: Why not a changeling? Bluefish (May 20)
- Re: Why not a changeling? Daniel Petzen (May 20)
- Netscape forms using standard windows controls No User (May 21)
- Re: Netscape forms using standard windows controls Derek Reynolds (May 21)
- Re: Netscape forms using standard windows controls Pavel Kankovsky (May 22)
- Re: Netscape forms using standard windows controls Chon-Chon Tang (May 22)
- Re: Why not a changeling? Bluefish (May 21)
- TopLayer layer 7 switch Advisory User nawk (May 20)
- Re: chsh Segfault on FreeBSD 3.3 Pavol Luptak (May 20)