funsec mailing list archives
Re: Re: Question about Viruses
From: Valdis.Kletnieks () vt edu
Date: Fri, 07 Jul 2006 19:05:03 -0400
On Sat, 08 Jul 2006 00:30:52 +0200, Peter Kosinar said:
Thus, the infections by two different EPO's can actually commute (in the sense of the file being infected by Vir1 and Vir2 can result in exactly the same file as if the file was infected by Vir2 and Vir1 in that order). In fact, the "infection-graph" of a program can no longer be assumed to be linear (as it used to be in the good old times with just simple infectors around) and it can (theoretically, practical samples of this kind have not been observed) be an arbitrarily complex DAG (directed acyclic graph).
Anybody observed a case where Vir2 went looking for a call site to hijack, and it found a call inside Vir1 rather than the original code? Or do most of these things target a known fixed call inside the original rather than scanning the binary looking for a suitable opcode (similar to 'hydan' scanning for suitable opcodes for encoding a stego imprint on a binary?)
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.