Computer Viruses and Malware, Part 3

there is a scientific basis for classifying malware. In practice, there is no universally accepted definition of terms like "virus" and "worm", much less agreement on classification, even though there have been regular attempts to impose mathematical formalisms

very effective - once the presence of a virus is known, it's trivial to detect and analyze.

Encryption

With an encrypted virus, the idea is that the virus body (infection, trigger, and payload) is encrypted in some way to make it harder to detect. This encryption is not what cryptographers call encryption; virus encryption is better thought of as obfuscation. Where it's necessary to distinguish between the two meanings of the word, I'll use the term "strong encryption" to mean encryption in the cryptographic sense.

When the virus body is in encrypted form, it's not runnable until decrypted. What executes first in the virus, then, is a decryptor loop, which decrypts the virus body and transfers control to it. The general principle is that the decryptor loop is small compared to the virus body, and provides a smaller profile for antivirus software to detect.

The figure shows pseudocode for an encrypted virus. A decryptor loop can decrypt the virus body in place or to another location; this choice may be dictated by external constraints, like the writability of the infected program's code. This example shows an in-place decryption.

    Before Decryption:

        for i in body:
            decrypt body_i

    After Decryption:

        for i in body:
            decrypt body_i
        goto decrypted_body

        decrypted_body:
            infect
            if trigger() is true:
                payload

    Figure. Encrypted virus pseudocode

How is virus encryption done? Here are six ways [106]:

Simple encryption. No key is used for simple encryption, just basic parameterless operations, like incrementing and decrementing, bitwise rotation, arithmetic negation, and logical NOT [10]:

    Encryption      Decryption
    inc body_i      dec body_i
    rol body_i      ror body_i
    neg body_i      neg body_i

Static encryption key. A static, constant key is used for encryption which doesn't change from one infection to the next. The operations used would include arithmetic operations like addition, and logical operations like XOR. Notice that the use of reversible operations is a common .
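The simple and static-key schemes above have so few possible inverses that a scanner can undo all of them and search each result for a known plaintext signature. The following is an added example, not code from the book; the one-byte key width, the function names and the sample bytes are assumptions constructed for illustration.

```python
# Added example (not from the book): undo every simple or static-key
# transform described above and search for a known plaintext signature.

def rol(b, n=1):
    """Rotate an 8-bit value left by n bits."""
    return ((b << n) | (b >> (8 - n))) & 0xFF

def ror(b, n=1):
    """Rotate an 8-bit value right by n bits."""
    return ((b >> n) | (b << (8 - n))) & 0xFF

# Inverse of each parameterless encoding in the table: name -> decoder.
SIMPLE_DECODERS = {
    "inc": lambda b: (b - 1) & 0xFF,   # inc is undone by dec
    "dec": lambda b: (b + 1) & 0xFF,   # dec is undone by inc
    "rol": ror,
    "ror": rol,
    "neg": lambda b: (-b) & 0xFF,      # neg is its own inverse
    "not": lambda b: b ^ 0xFF,         # NOT is its own inverse
}

def candidate_decodings(data):
    """Yield (transform, key, decoded_bytes) for every transform tried."""
    for name, decode in SIMPLE_DECODERS.items():
        yield name, None, bytes(decode(b) for b in data)
    for key in range(1, 256):          # assumption: static one-byte key
        yield "xor", key, bytes(b ^ key for b in data)
        yield "add", key, bytes((b - key) & 0xFF for b in data)

def find_signature(data, signature):
    """Return [(transform, key, offset)] for decodings exposing the signature."""
    hits = []
    for name, key, decoded in candidate_decodings(data):
        offset = decoded.find(signature)
        if offset != -1:
            hits.append((name, key, offset))
    return hits

# Constructed, harmless sample: a marker string stands in for a known body.
SIGNATURE = b"CONSTRUCTED-SAMPLE-BODY"
PLAIN = b"\x90\x90" + SIGNATURE + b"\x00"
ROL_ENCODED = bytes(rol(b) for b in PLAIN)
XOR_ENCODED = bytes(b ^ 0x5A for b in PLAIN)

if __name__ == "__main__":
    print(find_signature(ROL_ENCODED, SIGNATURE))
    print(find_signature(XOR_ENCODED, SIGNATURE))
```

At most 516 candidate decodings are tried per buffer, which is why these schemes are obfuscation rather than strong encryption.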
