Polymorphic file-infectors have been around for a long time, with possibly the first one surfacing in 1990. This has proven to be an effective technique that malicious code authors have employed to give their code a better chance of survival in the wild. Since this type of threat showed up there has been a struggle between security vendors and malware writers. Every advance in antivirus prompted the malicious code authors to come up with new and imaginative ways to thwart these efforts and vice-versa. So with Virut we are out on the tiles, or out in the trenches rather.

Currently we are seeing an outbreak of a particularly sinister file-infector, known as. This threat has already compromised corporate networks and is proving difficult to remove from infected networks. Once this threat infiltrates a network it can spread quite quickly using open network shares. So, what is it that sets this file-infector apart from the others and what makes it so difficult to remove?

Virut went through many revisions before the CF variant surfaced. This particular variant uses many advanced techniques to avoid detection and removal. None of the techniques are new, but have been used effectively within Virut. Some of the techniques employed include an advanced polymorphic engine, spaghetti code, and encryption.

There are two layers of encryption employed by Virut. The first layer encrypts the code using a weak encryption algorithm. This layer also uses spaghetti code and junk instructions to make white-box analysis more difficult and time consuming. The first layer is also optional, which helps to make detection more challenging.

The second layer of encryption is more complicated. It uses checks such as checking CPU speed, illegal instructions, and API address manipulation to detect analysis. This layer uses a custom XOR encryption algorithm, which is also weak, but built in such a way that makes it trivial for the author to change. Each change makes Virut appear entirely different to casual analysis.