Sometimes ago I had finished the book about computer viruses and anti-viruses. This short article is just a summary of my recordings. Moreover, it is a translate from Russian to English(the book is in the Russian). I’ve got a lot of fun. Great work of the author, thanks a lot for it. ( Климентьев К.Е. “Компьютерные вирусы и антивирусы: взгляд программиста” – link to order).
I would like to talk about common technologies that use in some viruses, such as Win32.Zmist andWin32.MetaPHOR and etc. I am not a malware guy and don’t want to describe all stuff about internals, but just rewrite some concepts of those two from the book and other sources. Because viruses just use approaches of those two. Look:
- RPME – Real Permutation Engine
- UEP – Unknown Entry Point (same as EPO) : this method inserts first commands (entry point of a virus) inside of the middle of an original program.
- ETG – Executable Trash Generator : this method generates trash commands to hide original commands of a virus inside of a program.
- MistFall – mixing code of program and virus
- disassembler – this creates disassembly code of a program.
Let’s explore some principles.