|
Polymorphic Malware
In computing, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact - that is, the ''code'' changes itself every time it runs, but the ''function'' of the code (its semantics) stays the same. For example, the simple math expressions 3+1 and 6-2 both achieve the same result, yet run with different machine code in a CPU. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence. Encryption is the most common method to hide code. With encryption, the main body of the code (also called its payload) is encrypted and will appear meaningless. For the code to function as before, a decryption function is added to the code. When the code is ''executed'', this function reads the payload and decrypts it before executing it in turn. Encryption alone is not polymorphism. To gain polymorphic behavior, the encryptor/decryptor pair is mutated with each copy of the code. This allows different ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Polymorphic Engine
A polymorphic engine (sometimes called mutation engine or mutating engine) is a software component that uses polymorphic code to alter the payload while preserving the same functionality. Polymorphic engines are used almost exclusively in malware, with the purpose of being harder for antivirus software to detect. They do so either by encrypting or obfuscating the malware payload. One common deployment is a file binder that weaves malware into normal files, such as office documents. Since this type of malware is usually polymorphic, it is also known as a '' polymorphic packer''. The engine of the Virut botnet A botnet is a group of Internet-connected devices, each of which runs one or more Internet bot, bots. Botnets can be used to perform distributed denial-of-service attack, distributed denial-of-service (DDoS) attacks, steal data, send Spamming, sp ... is an example of a polymorphic engine. References {{DEFAULTSORT:Polymorphic Engine Types of malware ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Programmer
A programmer, computer programmer or coder is an author of computer source code someone with skill in computer programming. The professional titles Software development, ''software developer'' and Software engineering, ''software engineer'' are used for jobs that require a programmer. Identification Sometimes a programmer or job position is identified by the language used or target platform. For example, assembly language, assembly programmer, web developer. Job title The job titles that include programming tasks have differing connotations across the computer industry and to different individuals. The following are notable descriptions. A ''software developer'' primarily implements software based on specifications and fixes Software bug, bugs. Other duties may include code review, reviewing code changes and software testing, testing. To achieve the required skills for the job, they might obtain a computer science or associate degree, associate degree, attend a Cod ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Obfuscated Code
In software development, obfuscation is the practice of creating source or machine code that is intentionally difficult for humans or computers to understand. Similar to obfuscation in natural language, code obfuscation may involve using unnecessarily roundabout ways to write statements. Programmers often obfuscate code to conceal its purpose, logic, or embedded values. The primary reasons for doing so are to prevent tampering, deter reverse engineering, or to create a puzzle or recreational challenge to deobfuscate the code, a challenge often included in crackmes. While obfuscation can be done manually, it is more commonly performed using obfuscators. Overview The architecture and characteristics of some languages may make them easier to obfuscate than others. C, C++, and the Perl programming language are some examples of languages easy to obfuscate. Haskell is also quite obfuscatable despite being quite different in structure. The properties that make a language obfuscat ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Shellcode
In hacking, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient. However, attempts at replacing the term have not gained wide acceptance. Shellcode is commonly written in machine code. When creating shellcode, it is generally desirable to make it both small and executable, which allows it to be used in as wide a variety of situations as possible. In assembly code, the same function can be performed in a multitude of ways and there is some variety in the lengths of opcodes that can be used for this purpose; good shellcode writers can put these small opcodes to use to create more compact ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Alphanumeric Shellcode
In hacker (computer security), hacking, a shellcode is a small piece of code used as the Payload (computing), payload in the exploit (computer security), exploitation of a software Vulnerability (computing), vulnerability. It is called "shellcode" because it typically starts a Shell (computing), command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient. However, attempts at replacing the term have not gained wide acceptance. Shellcode is commonly written in machine code. When creating shellcode, it is generally desirable to make it both small and executable, which allows it to be used in as wide a variety of situations as possible. In assembly code, the same function can be performed in a multitude of ways and there is some variety in the lengths of op ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Self-modifying Code
In computer science, self-modifying code (SMC or SMoC) is source code, code that alters its own instruction (computer science), instructions while it is execution (computing), executing – usually to reduce the instruction path length and improve computer performance, performance or simply to reduce otherwise duplicate code, repetitively similar code, thus simplifying software maintenance, maintenance. The term is usually only applied to code where the self-modification is intentional, not in situations where code accidentally modifies itself due to an error such as a buffer overflow. Self-modifying code can involve overwriting existing instructions or generating new code at run time and transferring control to that code. Self-modification can be used as an alternative to the method of "flag setting" and conditional program branching, used primarily to reduce the number of times a condition needs to be tested. The method is frequently used for conditionally invoking test/deb ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Virut
Virut is a cybercrime malware botnet, operating at least since 2006, and one of the major botnets and malware distributors on the Internet. In January 2013, its operations were disrupted by the Polish organization Naukowa i Akademicka Sieć Komputerowa. Characteristics Virut is a malware botnet that is known to be used for cybercrime activities such as DDoS attacks, spam (in collaboration with the Waledac botnet), fraud, data theft, and pay-per-install activities. It spreads through executable file infection (through infected USB sticks and other media), and more recently, through compromised HTML files (thus infecting vulnerable browsers visiting compromised websites). It has infected computers associated with at least 890,000 IP addresses in Poland. In 2012, Symantec estimated that the botnet had control of over 300,000 computers worldwide, primarily in Egypt, Pakistan and Southeast Asia (including India). A Kaspersky report listed Virut as the fifth-most widespread threat in ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Dark Avenger
Dark Avenger was the pseudonym of a computer virus writer from Sofia, Bulgaria. He gained considerable notoriety during the early 1990s when his viruses spread internationally. Background and origins During the Cold War, the Bulgarian government authorized projects to reverse engineer Western technology. This eventually led to the Pravetz computers of the 1980s, which cloned popular Western personal computers. A community formed around these computers when they were used in schools to teach students computer programming. In April 1988, Bulgaria's trade magazine for computers, ''Компютър за Вас'' (''Computer for You''), published a translation of a German article about computer viruses and methods for writing them. A few months after that, Bulgaria experienced several foreign viruses. The interest spawned by both the article and the viruses inspired young Bulgarian programmers to devise their own viruses. Soon a wave of Bulgarian viruses erupted, started by th ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
1260 (computer Virus)
1260, or V2PX, was a polymorphic computer virus written in 1990 by Mark Washburn. Derived from Ralf Burger's publication of the disassembled Vienna Virus source code, the 1260 added a cipher and varied its signature by randomizing its decryption algorithm. Both the 1260 and Vienna infect .COM files in the current or PATH directories upon execution. Changing an authenticated executable file is detected by most modern computer operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...s. article. References {{Hacking in the 1980s[...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Metamorphic Code
Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is similar to a quine, except that a quine's source code is exactly equivalent to its own output. Metamorphic code also usually outputs machine code and not its own source code. Overview Metamorphic code is used by computer viruses to avoid the pattern recognition of anti-virus software. Metamorphic viruses often translate their own binary code into a temporary representation, editing the temporary representation of themselves and then translate the edited form back to machine code again. This procedure is done with the virus itself, and thus also the metamorphic engine itself undergoes changes, which means that no part of the virus stays the same. This differs from polymorphic code, where the polymorphic engine can not rewrite its own code. Metamorphic code is used by some viruses when they are about to infect new files, and the result is that the next gen ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Sandbox (computer Security)
In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The sandbox metaphor derives from the concept of a child's sandbox—a play area where children can build, destroy, and experiment without causing any real-world damage. It is often used to kill untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted. In the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Malware
Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to cause disruption to a computer, server (computing), server, Client (computing), client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types (i.e. computer viruses, Computer worm, worms, Trojan horse (computing), Trojan horses, logic bombs, ransomware, spyware, adware, rogue software, Wiper (malware), wipers and keyloggers). Malware poses serious problems to individuals and businesses on the Internet. According to NortonLifeLock, Symantec's 2018 Internet Security Threat Report (ISTR), malware variants number has increased to 66 ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
