|
Metamorphic Code
Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is similar to a quine, except that a quine's source code is exactly equivalent to its own output. Metamorphic code also usually outputs machine code and not its own source code. Overview Metamorphic code is used by computer viruses to avoid the pattern recognition of anti-virus software. Metamorphic viruses often translate their own binary code into a temporary representation, editing the temporary representation of themselves and then translate the edited form back to machine code again. This procedure is done with the virus itself, and thus also the metamorphic engine itself undergoes changes, which means that no part of the virus stays the same. This differs from polymorphic code, where the polymorphic engine can not rewrite its own code. Metamorphic code is used by some viruses when they are about to infect new files, and the result is that the next gen ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Logical Equivalence
In logic and mathematics, statements p and q are said to be logically equivalent if they have the same truth value in every model. The logical equivalence of p and q is sometimes expressed as p \equiv q, p :: q, \textsfpq, or p \iff q, depending on the notation being used. However, these symbols are also used for material equivalence, so proper interpretation would depend on the context. Logical equivalence is different from material equivalence, although the two concepts are intrinsically related. Logical equivalences In logic, many common logical equivalences exist and are often listed as laws or properties. The following tables illustrate some of these. General logical equivalences Logical equivalences involving conditional statements :#p \rightarrow q \equiv \neg p \vee q :#p \rightarrow q \equiv \neg q \rightarrow \neg p :#p \vee q \equiv \neg p \rightarrow q :#p \wedge q \equiv \neg (p \rightarrow \neg q) :#\neg (p \rightarrow q) \equiv p \wedge \neg q :#(p \righta ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Operating System
An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for efficient use of the system and may also include accounting software for cost allocation of Scheduling (computing), processor time, mass storage, peripherals, and other resources. For hardware functions such as input and output and memory allocation, the operating system acts as an intermediary between programs and the computer hardware, although the application code is usually executed directly by the hardware and frequently makes system calls to an OS function or is interrupted by it. Operating systems are found on many devices that contain a computerfrom cellular phones and video game consoles to web servers and supercomputers. , Android (operating system), Android is the most popular operating system with a 46% market share, followed ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Polymorphic Code
In computing, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact - that is, the ''code'' changes itself every time it runs, but the ''function'' of the code (its semantics) stays the same. For example, the simple math expressions 3+1 and 6-2 both achieve the same result, yet run with different machine code in a CPU. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence. Encryption is the most common method to hide code. With encryption, the main body of the code (also called its payload) is encrypted and will appear meaningless. For the code to function as before, a decryption function is added to the code. When the code is ''executed'', this function reads the payload and decrypts it before executing it in turn. Encryption alone is not polymorphism. To gain polymorphic behavior, the encryptor/decryptor pair is mutated with each copy of the code. This allows differen ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Self-modifying Code
In computer science, self-modifying code (SMC or SMoC) is source code, code that alters its own instruction (computer science), instructions while it is execution (computing), executing – usually to reduce the instruction path length and improve computer performance, performance or simply to reduce otherwise duplicate code, repetitively similar code, thus simplifying software maintenance, maintenance. The term is usually only applied to code where the self-modification is intentional, not in situations where code accidentally modifies itself due to an error such as a buffer overflow. Self-modifying code can involve overwriting existing instructions or generating new code at run time and transferring control to that code. Self-modification can be used as an alternative to the method of "flag setting" and conditional program branching, used primarily to reduce the number of times a condition needs to be tested. The method is frequently used for conditionally invoking test/deb ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ZMist (computer Virus)
Zmist (also known as Z0mbie.Mistfall) is a metamorphic computer virus created by the Russian virus writer known as Z0mbie. It was the first virus to use a technique known as "code integration". In the words of Ferrie and Ször:Ferrie, Peter; and Ször, Péter''Zmist opportunities'' Virus Bulletin, March 2001, Abingdon, Oxfordshire (UK), pp. 6–7 This virus supports a unique new technique: code integration. The Mistfall engine contained in it is capable of decompiling Portable Executable files to heirsmallest elements, requiring 32 MB of memory. Zmist will insert itself into the code: it moves code blocks out of the way, inserts itself, regenerates code and data references, including relocation information, and rebuilds the executable. Variants *Zmist.gen!674CD7362358 - discovered in 2012. *ZMist!IK - discovered 2011 - 2012. *Zmist.A - discovered in 2006 - 2007. See also *Simile, a well-known metamorphic virus *Computer virus A computer virus is a type of malware tha ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Simile (computer Virus)
Win32/Simile (also known as Etap and MetaPHOR) is a metamorphic computer virus written in assembly language for Microsoft Windows. The virus was released in its most recent version in early March 2002. It was written by the virus writer "Mental Driller". Some of his previous viruses, such as Win95/Drill (which used the TUAREG polymorphic engine), have proved very challenging to detect. When the virus is first executed, it checks the current date. If the host file (the file that is infected with the virus) imports the file User32.dll, then on 17 March, June, September, or December, a message is displayed. Depending on the version of the virus, the case of each letter in the text is altered randomly. On 14 May (the anniversary of Israeli independence day), a message saying "Free Palestine!" will be displayed if the system locale is set to Hebrew. The virus then rebuilds itself. This metamorphic process is very complex and accounts for around 90% of the virus' code. After the rebuil ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Shellcode
In hacking, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient. However, attempts at replacing the term have not gained wide acceptance. Shellcode is commonly written in machine code. When creating shellcode, it is generally desirable to make it both small and executable, which allows it to be used in as wide a variety of situations as possible. In assembly code, the same function can be performed in a multitude of ways and there is some variety in the lengths of opcodes that can be used for this purpose; good shellcode writers can put these small opcodes to use to create more compact ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, packaged as a Linux distribution (distro), which includes the kernel and supporting system software and library (computing), libraries—most of which are provided by third parties—to create a complete operating system, designed as a clone of Unix and released under the copyleft GPL license. List of Linux distributions, Thousands of Linux distributions exist, many based directly or indirectly on other distributions; popular Linux distributions include Debian, Fedora Linux, Linux Mint, Arch Linux, and Ubuntu, while commercial distributions include Red Hat Enterprise Linux, SUSE Linux Enterprise, and ChromeOS. Linux distributions are frequently used in server platforms. Many Linux distributions use the word "Linux" in their name, but the Free ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Microsoft Windows
Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sectors of the computing industry – Windows (unqualified) for a consumer or corporate workstation, Windows Server for a Server (computing), server and Windows IoT for an embedded system. Windows is sold as either a consumer retail product or licensed to Original equipment manufacturer, third-party hardware manufacturers who sell products Software bundles, bundled with Windows. The first version of Windows, Windows 1.0, was released on November 20, 1985, as a graphical operating system shell for MS-DOS in response to the growing interest in graphical user interfaces (GUIs). The name "Windows" is a reference to the windowing system in GUIs. The 1990 release of Windows 3.0 catapulted its market success and led to various other product families ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Heuristic Analysis
Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the "wild". Heuristic analysis is an expert based analysis that determines the susceptibility of a system towards particular threat/risk using various decision rules or weighing methods. MultiCriteria analysis (MCA) is one of the means of weighing. This method differs from statistical analysis, which bases itself on the available data/statistics. Operation Most antivirus programs that utilize heuristic analysis perform this function by executing the programming commands of a questionable program or script within a specialized virtual machine, thereby allowing the anti-virus program to internally simulate what would happen if the suspicious file were to be executed while keeping the suspicious code isolated from the real-world machine. It then analyzes the commands as they are performed, monitoring for co ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
