funsec mailing list archives

Re: Re: Question about Viruses

From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Sat, 8 Jul 2006 07:19:35 -0400

On 7/7/06, Peter Kosinar <goober () nuf ksp sk> wrote:

> well, I just ran a script to insert a newline character into all the
> source code for viruses I downloaded from
> http://www.totallygeek.com/vscdb/ so the number is now more like
> 400,000 :-)

Nope, unless you inserted the newline into some kind of string, you've
only doubled the number of source codes... Though, you could have
also tried space<->tab and CRLF<->LF conversion (and combination thereof),
thus quadrupling the number of sources! :-)



Forgive the ignorance, but is that all a polymorphic virus is? Someone
adding useless code to the app to change its signature?

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

RE: Overloading AV software, was Question about Viruses, (continued)
- - - RE: Overloading AV software, was Question about Viruses Richard M. Smith (Jul 07)
    - Re: Overloading AV software, was Question about Viruses Dude VanWinkle (Jul 07)
    - Re: Overloading AV software, was Question about Viruses Drsolly (Jul 07)
    - Re: Overloading AV software, was Question about Viruses Dude VanWinkle (Jul 07)
    - Re: Question about Viruses Peter Kosinar (Jul 07)
    - Re: Re: Question about Viruses Drsolly (Jul 07)
    - Re: Re: Question about Viruses Peter Kosinar (Jul 07)
    - Re: Re: Question about Viruses Valdis . Kletnieks (Jul 07)
    - Re: Re: Question about Viruses Peter Kosinar (Jul 07)
    - Re: Re: Question about Viruses Drsolly (Jul 07)
    - Re: Re: Question about Viruses Dude VanWinkle (Jul 08)
    - Re: Re: Question about Viruses Peter Kosinar (Jul 08)
    - Re: Re: Question about Viruses Drsolly (Jul 08)
    - Re: Overloading AV software, was Question about Viruses Drsolly (Jul 07)
    - Re: Overloading AV software, was Question about Viruses Dude VanWinkle (Jul 07)
    - RE: Overloading AV software, was Question about Viruses Peter Kosinar (Jul 07)
    - Re: Overloading AV software, was Question about Viruses Valdis . Kletnieks (Jul 07)
    - RE: Overloading AV software, try #2 Richard M. Smith (Jul 07)
    - Re: Overloading AV software, try #2 Valdis . Kletnieks (Jul 07)
    - RE: Overloading AV software, try #2 Richard M. Smith (Jul 07)
    - Re: Overloading AV software, try #2 Dude VanWinkle (Jul 07)

(Thread continues...)