May 15th, 2003 01:17 PM
Why isn't this thread in the tech humour section? It's always nice to have a good laugh.
Ubuntu-: Means in African: "I'm too dumb to use Slackware"
May 15th, 2003 01:21 PM
Personally though...I'd love to get my hands on some stealth or polymorphic code....always wonder how da hell they work...still....a virus lab isn't gonna be able to make anything a half decent AV can't pick up....companies like McAfee and Norton pick those things apart and make sure they search for hard-coded strings....thus..no matter what you pick...the virus will still be picked up :P
*Waits for Negative.. *
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!
And no one can recall the gentle features in the queen's face that fair day, when this land rested in holy peace and everyone had love to love with.
May 15th, 2003 04:34 PM
Here is the explanation of the MtE Polymorphic Engine: http://www.avp.ch/avpve/poly-gen/mte.stm :
Personally though...I'd love to get my hands on some stealth or polymorphic code
The engine was created by Dark Avenger, and the source code is well commented and documented for the would-be virus maker. The source code is attached in plain text, which in itself is totally harmless. PLEASE DO NOT COMPILE THIS SOURCE UNLESS YOU ARE IN STRICT TESTING CONDITIONS. WHILE AV WILL PICK IT UP, IT CAN STILL HARM YOUR COMPUTER IF YOU DO NOT KNOW WHAT YOU ARE DOING. YOU HAVE BEEN WARNED.
MtE (MuTation Engine) is the first known polymorphic generator. It was released in 1991 and shocked anti-virus researchers with its very difficult (for 1991) polymorphic algorithm. In the decryption part of a virus, the operations SUB, ADD, XOR, ROR, ROL can be present any number of times and in any order. The code which loads a key and the other values of the cipher also consists of a random number of assembler instructions (ADD, SUB, TEST, XOR, OR, SHR, SHL, ROR, MOV, XCHG, JNZ, PUSH, POP ... - more than 1/2 of the i86 instruction set) with various addressing modes.
These MtE-based viruses contain the string:
On this site, you can find Zines by 40hex that go into specific detail covering different aspects of virii. It's old school, but very interesting and educational. To this day, I wonder how AV researchers keep up with all of it....
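The two posts above make the same point from opposite sides: AV vendors look for hard-coded byte strings, and an engine like MtE exists precisely to leave none in the clear. The following is an added, defender-side illustration written for this thread, not code from the thread or from any AV product: a plain signature scanner next to the simplest "X-ray" check (brute-forcing a single-byte key) that AV engines added once keyed encryption became common. The buffers, the key, the filler and the marker string are all constructed here; the "body" is a harmless ASCII marker, not virus code.

```python
# Added example (not from the thread): hard-coded signature scanning versus a
# minimal "X-ray" check. Everything below (SIGNATURE, build_sample, the key) is
# constructed for illustration.

# Constructed signature: the plaintext marker we pretend the AV vendor extracted
# from a captured sample. Real signatures are byte patterns from the decrypted body.
SIGNATURE = b"HELLO-MARKER-BODY"


def scan_plain(buf: bytes, sig: bytes = SIGNATURE) -> int:
    """Classic hard-coded-string scan: offset of the first hit, or -1."""
    return buf.find(sig)


def xray_scan(buf: bytes, sig: bytes = SIGNATURE):
    """Brute-force every single-byte XOR key and look for the signature in the
    decoded view. Returns (key, offset) on a hit, else None. This is the most
    basic form of the X-ray technique: it recovers a body that was re-keyed but
    otherwise unchanged, without running the decryptor at all."""
    for key in range(256):
        decoded = bytes(b ^ key for b in buf)
        off = decoded.find(sig)
        if off != -1:
            return key, off
    return None


def classify(buf: bytes) -> str:
    """Label a buffer the way a two-stage scanner would."""
    if scan_plain(buf) != -1:
        return "plain-signature"
    if xray_scan(buf) is not None:
        return "xray"
    return "clean"


def build_sample(key: int) -> bytes:
    """Constructed test buffer: NOP-like filler, a label, then the marker
    XOR-encrypted with `key` (key 0 leaves it in the clear), then padding.
    It stands in for one 'generation' of an infected file."""
    filler = b"\x90" * 16 + b"constructed-filler"
    body = bytes(b ^ key for b in SIGNATURE)
    return filler + body + b"\x00" * 8


if __name__ == "__main__":
    for k in (0x00, 0x5A):
        sample = build_sample(k)
        print(f"key=0x{k:02X} plain={scan_plain(sample)} "
              f"xray={xray_scan(sample)} -> {classify(sample)}")
    print(classify(b"nothing of interest here"))
```

With key 0 the marker sits in the clear and `scan_plain` finds it at offset 34; with key 0x5A the string search fails, which is exactly the gap the first post is describing, and only the X-ray pass recovers it. The limit of this trick is also the reason MtE mattered: once the decryptor mixes ADD, SUB, XOR, ROR and ROL in random order with random register usage, guessing a single key no longer decodes the body, and the scanner has to fall back to emulating the decryptor (generic decryption) or to describing the decryptor's behaviour rather than its bytes.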