Page 3 of 3 FirstFirst 123
Results 21 to 23 of 23
  1. #21
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Why isnt this thread in the tech humour section ? Its always nice to have a good laugh
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  2. #22
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002

    Personaly though...I'd love to get my hands on some Stealth or poly-morphic code....always wonder how da hell they work...still....a Virul lab isn't gona be able to make any thing a half decent AV can't pick up....companire like McAfee and Norton pick those things apart and make sure they search for hard-coded string....thus..no matter what you pick...the Virus will still be picked up :P


    *Waits for Negative.. *

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  3. #23
    Personaly though...I'd love to get my hands on some Stealth or poly-morphic code
    Here is the expanation of the MtE Polymorphiuc Engine: http://www.avp.ch/avpve/poly-gen/mte.stm :

    MtE (MuTation Engine) is the first known polymorphic generator. It was released in 1991 and shocked the anti-virus researches by its very difficult (for 1991) polymorphic algorithm. Into the decryption part of a virus the operations SUB, ADD, XOR, ROR, ROL can be present in any times and any order. The code which loads a key and another values of a cipher consists also from random number of assembler instructions (ADD, SUB, TEST, XOR, OR, SHR, SHL, ROR, MOV, XCHG, JNZ, PUSH, POP ... - more than 1/2 of i86 instructions) with some addressing modes.
    These MtE-based viruses contain the string:

    MtE 0.90
    The engine was created by Dark Avenger, and the source code is well commented and documented for the would be virus maker. The source code is attached in plain text which in itself is totally harmless. PLEASE DO NOT COMPILE THIS SOURCE UNLESS YOU ARE IN STRICT TESTING CONDITIONS. WHILE AV WILL PICK IT UP, IT CAN STILL HARM YOUR COMPUTER IF YOU DO NOT KNOW WHAT YOU ARE DOING. YOU HAVE BEEN WARNED.

    On this site, you can find Zines by 40hex that go into specific detail covering different aspects of virii. It's old school, but very interesting and educational. To this day, I wonder how AV researchers keep up with all of it....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts