6 Different Techniques used by malware composers:
These are some of the techniques most commonly used by malware writers to hide a virus or make detection difficult. I have collected this article from a hacking forum on Orkut. Before reading this article, first read my previous post Difference between Virus, Worm and Trojans.
They inject their code into another file. As a result the file size increases, and when the infected file is executed the virus is activated as well. This is a technique used by malware composers both to spread and to hide.
The best-known example of a polymorphic, parasitic worm is “win32/pate.b” (McAfee's name for it). This virus injects itself into every .EXE and .SCR file on the hard disk and also into running processes. It was released in 2001. According to Symantec, more than 1000 cases were reported and more than 10 sites were triggered. My computer was also infected by this virus 2 times.
These viruses have the capability to modify their own code on each new infection, which makes them quite difficult to detect. Some anti-virus analysts decompile the virus code, study the algorithm it uses and then write signatures for it. To enable metamorphism, a metamorphic engine is needed, so a metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14000 lines of assembly language code, 90% of which is part of the metamorphic engine.
Another method is the use of simple encryption to encrypt the code of the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code.
This makes detection much more difficult, because the heuristic engine fails on the encrypted body; AV companies then tend to fall back on signatures. Many encryption tools are available, but on the other hand skilled malware writers build their own encryptors.
Programming a rootkit is not an easy task. Building a virus with this capability requires a lot of coding and time to make it bug-free and working properly.
Various packers are available for different purposes. Malware composers use them to:
- Minimize the file size.
- Make reverse engineering more difficult.
- Combine several files into a single .EXE file.
According to Panda Labs, approximately 500 packers are in use today, and 15% of them are packed with UPX (Ultimate Packer for eXecutables).
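As an added defender-side illustration (not part of the original article), the small Python script below checks a PE file for the two packing signs discussed above: section names left behind by UPX and sections whose byte entropy is close to 8 bits, which is what packed or encrypted code looks like to a scanner. The PE bytes are constructed inside the script so it runs offline; on a real sample you would pass the file contents to `packing_indicators` instead.

```python
import hashlib
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~0 for repetitive bytes, close to 8 for packed or encrypted data."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in (data.count(v) for v in range(256)) if c)

def pe_sections(blob: bytes):
    """Yield (name, raw bytes) for every entry in the PE section table."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                     # IMAGE_FILE_HEADER follows the "PE\0\0" signature
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    table = coff + 20 + opt_size            # section headers follow the optional header
    for i in range(num_sections):
        off = table + 40 * i                # each IMAGE_SECTION_HEADER is 40 bytes
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)  # SizeOfRawData, PointerToRawData
        yield name, blob[raw_ptr:raw_ptr + raw_size]

def packing_indicators(blob: bytes, threshold: float = 7.0) -> list:
    """Flag UPX-named sections and sections whose entropy suggests packing or encryption."""
    findings = []
    for name, data in pe_sections(blob):
        if name.upper().startswith("UPX"):
            findings.append(f"{name}: UPX section name")
        ent = shannon_entropy(data)
        if ent >= threshold:
            findings.append(f"{name}: entropy {ent:.2f} bits/byte")
    return findings

def build_sample_pe() -> bytes:
    """Constructed sample, not a real binary: low-entropy .text plus a high-entropy UPX1 section."""
    low = b"\x90" * 1024                                                   # repetitive filler
    high = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))  # 1024 pseudo-random bytes
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)              # e_lfanew lives at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)            # i386, 2 sections, no optional header
    data_start = e_lfanew + 4 + 20 + 2 * 40
    def section(name, data, ptr):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", len(data), 0x1000, len(data), ptr, 0, 0, 0, 0, 0x60000020)
    headers = section(b".text", low, data_start) + section(b"UPX1", high, data_start + len(low))
    return dos + b"PE\0\0" + coff + headers + low + high
```

A UPX section name is trivial for a malware author to rename, so the entropy check is the more durable of the two heuristics; both are only indicators, not proof of malice, since legitimate installers are packed too.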
A stealth virus is a file virus that uses special techniques to hide its presence from users and virus scanners. Sometimes they use rootkit techniques to hide themselves. This type of virus is difficult, and almost impossible, for a user to detect. According to Kaspersky, rootkits were a major challenge of 2008. Even ordinary analysis software can't detect them.
A rootkit is a set of programs and code that allows a permanent and undetectable presence on a computer. To remain undetected, a back-door program must use stealth.
* Persistent Rootkits:
A persistent rootkit is one associated with malware that activates each time the system boots. Because such malware contains code that must run automatically at each system start or when a user logs in, it must store that code in a persistent location, such as the Registry or the file system, and configure a method by which the code executes without user intervention.
* Memory-Based Rootkits:
Memory-based rootkits are malware that have no persistent code and therefore do not survive a reboot.
While the use of such techniques to hide activity on computers has been around since 1986, their number and complexity have accelerated over the last three years, according to a McAfee report. In the first quarter alone, Avert Labs found more than 827 stealth techniques. That contrasts with about 70 found in the same period in 2005 and with approximately 769 for the whole of that year.
Companies that have turned to the use of such technology include record label Sony BMG, which used it to hide copy protection code in 2005.
Programming a virus with rootkit functionality is quite difficult: it is very low-level programming, and it takes a lot of time to make such a program work properly and bug-free.
I hope this has given you more detailed knowledge of the techniques used by malware composers.