Polymorphic Engine
A polymorphic engine (sometimes called mutation engine or mutating engine) is a software component that uses polymorphic code to alter the payload while preserving the same functionality. Polymorphic engines are used almost exclusively in malware, with the purpose of being harder for antivirus software to detect. They do so either by encrypting or obfuscating the malware payload. One common deployment is a file binder that weaves malware into normal files, such as office documents. Since this type of malware is usually polymorphic, it is also known as a polymorphic packer. The engine of the Virut botnet is an example of a polymorphic engine.
Software Component
A software component is a modular unit of software that encapsulates specific functionality. The desired characteristics of a component are reusability and maintainability.
Value: Components allow software development to assemble software with reliable parts rather than writing code for every aspect, allowing for implementation to be more like factory assembly than custom building.
Attributes: Desirable attributes of a component include but are not limited to:
* Cohesive: encapsulates related functionality
* Reusable
* Robust
* Substitutable: can be replaced by another component with the same interface
* Documented
* Tested
Third-party: Some components are built in-house by the same organization or team building the software system. Some are third-party, developed elsewhere and assembled into the software system.
Component-based software engineering: For large-scale systems, component-based development encourages a disciplined process to manage comple ...
Polymorphic Code
In computing, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact - that is, the code changes itself every time it runs, but the function of the code (its semantics) stays the same. For example, the simple math expressions 3+1 and 6-2 both achieve the same result, yet run with different machine code in a CPU. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence. Encryption is the most common method to hide code. With encryption, the main body of the code (also called its payload) is encrypted and will appear meaningless. For the code to function as before, a decryption function is added to the code. When the code is executed, this function reads the payload and decrypts it before executing it in turn. Encryption alone is not polymorphism. To gain polymorphic behavior, the encryptor/decryptor pair is mutated with each copy of the code. This allows differen ...
Payload (computing)
In computing and telecommunications, the payload is the part of transmitted data that is the actual intended message. Headers and metadata are sent only to enable payload delivery and are considered overhead. In the context of a computer virus or worm, the payload is the portion of the malware which performs malicious action. The term is borrowed from transportation, where "payload" refers to the part of the load that pays for transportation.
Networking: In computer networking, the data to be transmitted is the payload. It is almost always encapsulated in some type of frame format, composed of framing bits and a frame check sequence. Examples are Ethernet frames, Point-to-Point Protocol (PPP) frames, Fibre Channel frames, and V.42 modem frames.
Programming: In computer programming, the most common usage of the term is in the context of message protocols, to differentiate the protocol overhead from the actual data. For example, a JSON web service response might ...
Software Engine
A software engine is a core component of a complex software system. The word "engine" is a metaphor of a car's engine. Thus a software engine is a complex subsystem. There is no formal guideline for what should be called an engine, but the term has become widespread in the software industry.
Notable examples (multi-engine systems):
* Mainstream web browsers have both a rendering engine and a JavaScript engine.
* Video games are often based on a game engine. Some of these also have specialized physics or graphics engines.
Malware
Malware (a portmanteau of malicious software) [Tahir, R. (2018). A study on malware and malware detection techniques. International Journal of Education and Management Engineering, 8(2), 20.] is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types (i.e. computer viruses, worms, Trojan horses, logic bombs, ransomware, spyware, adware, rogue software, wipers and keyloggers). Malware poses serious problems to individuals and businesses on the Internet. According to Symantec's 2018 Internet Security Threat Report (ISTR), the number of malware variants has increased to 66 ...
Antivirus Software
Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other malware, antivirus software started to protect against other computer threats. Some products also include protection from malicious URLs, spam, and phishing.
History, 1971–1980 period (pre-antivirus days): The first known computer virus appeared in 1971 and was dubbed the "Creeper virus". This computer virus infected Digital Equipment Corporation's (DEC) PDP-10 mainframe computers running the TENEX operating system. [From the first email to the first YouTube video: a d ...]
Encryption
In cryptography, encryption (more specifically, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is possible to decrypt the message without possessing the key but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. Historically, various forms of encryption have been used to aid in cryptography. Early encryption ...
Obfuscation (software)
In software development, obfuscation is the practice of creating source or machine code that is intentionally difficult for humans or computers to understand. Similar to obfuscation in natural language, code obfuscation may involve using unnecessarily roundabout ways to write statements. Programmers often obfuscate code to conceal its purpose, logic, or embedded values. The primary reasons for doing so are to prevent tampering, deter reverse engineering, or to create a puzzle or recreational challenge to deobfuscate the code, a challenge often included in crackmes. While obfuscation can be done manually, it is more commonly performed using obfuscators.
Overview: The architecture and characteristics of some languages may make them easier to obfuscate than others. C, C++, and the Perl programming language are some examples of languages easy to obfuscate. Hask ...
File Binder
File binders are utility software that allow a user to "bind" multiple files together, resulting in a single executable. They are commonly used by hackers to insert other programs such as Trojan horses into otherwise harmless files, making them more difficult to detect. Malware builders (such as keyloggers or stealers) often include a binder by default. A polymorphic packer is a file binder with a polymorphic engine. It thus has the ability to make its payload mutate over time, so it is more difficult to detect and remove.
See also:
* Dendroid (malware)
* MiniPanzer and MegaPanzer – Trojan horses that used file binders for distribution.
* Potentially unwanted program – sometimes have used file binders for distribution.
Computer File
A computer file is a resource for recording data on a computer storage device, primarily identified by its filename. Just as words can be written on paper, so too can data be written to a computer file. Files can be shared with and transferred between computers and mobile devices via removable media, networks, or the Internet. Different types of computer files are designed for different purposes. A file may be designed to store a written message, a document, a spreadsheet, an image, a video, a program, or any wide variety of other kinds of data. Certain files can store multiple data types at once. By using computer programs, a person can open, read, change, save, and close a computer file. Computer files may be reopened, modified, and copied an arbitrary number of times. Files are typically organized in a file syst ...
Polymorphic Packer
File binders are utility software that allow a user to "bind" multiple files together, resulting in a single executable. They are commonly used by hackers to insert other programs such as Trojan horses into otherwise harmless files, making them more difficult to detect. Malware builders (such as keyloggers or stealers) often include a binder by default. A polymorphic packer is a file binder with a polymorphic engine. It thus has the ability to make its payload mutate over time, so it is more difficult to detect and remove.
See also:
* Dendroid (malware)
* MiniPanzer and MegaPanzer – Trojan horses that used file binders for distribution.
* Potentially unwanted program – sometimes have used file binders for distribution.
Virut
Virut is a cybercrime malware botnet, operating at least since 2006, and one of the major botnets and malware distributors on the Internet. In January 2013, its operations were disrupted by the Polish organization Naukowa i Akademicka Sieć Komputerowa.
Characteristics: Virut is a malware botnet that is known to be used for cybercrime activities such as DDoS attacks, spam (in collaboration with the Waledac botnet), fraud, data theft, and pay-per-install activities. It spreads through executable file infection (through infected USB sticks and other media), and more recently, through compromised HTML files (thus infecting vulnerable browsers visiting compromised websites). It has infected computers associated with at least 890,000 IP addresses in Poland. In 2012, Symantec estimated that the botnet had control of over 300,000 computers worldwide, primarily in Egypt, Pakistan and Southeast Asia (including India). A Kaspersky report listed Virut as the fifth-most widespread threat in ...