Vulnerability Development mailing list archives
Re: Why not a changeling?
From: sigipp () WELLA COM BR (sigipp () WELLA COM BR)
Date: Mon, 22 May 2000 08:58:29 -0300
Hi, Just one question (may be i did not understand the whole thing): If a virus is built of two parts, a "payload" and a scrambler/descrambler with proprietary algoritm, the virus scanners do not depend on detecting the "payload", they simply depend on detecting the scrambler. Well, you could scramble the scrambler, but you see... The only thing i can imagine is, using a standard scrambler (like md5), which is installed at the user and is not part of the virus. The result of the scrambler should depend on a key (unlike simple compacting, zip and the like), and this key should be part of the virus, and on reduplicating itself, it should randomly generate a new key. A real amazing idea would be, create a scrambled virus, which, when descrambled with one key, result in one virus, and when descrambled with another key, should result in another virus. Well, but that´s utopia. If i missed anything, let me know. Greetings Siegfried Gipp
Current thread:
- Re: Why not a changeling? sigipp () WELLA COM BR (May 22)
- Re: Why not a changeling? Daniel Petzen (May 22)
- fdmount 0.8 exploit Paulo Ribeiro (May 22)
- Conserver Overflow James Snow (May 23)
- Re: Why not a changeling? Jeff Bachtel (May 23)
- Re: Why not a changeling? Michael H. Warfield (May 24)
- <Possible follow-ups>
- Re: Why not a changeling? Michael Wojcik (May 22)
- Re: Why not a changeling? White Vampire (May 23)
- Re: Why not a changeling? Dick St.Peters (May 25)
- Re: Why not a changeling? White Vampire (May 25)
- Re: Why not a changeling? White Vampire (May 23)
- Re: Why not a changeling? sigipp () WELLA COM BR (May 22)