Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Another new worm??? (technical)

From: pierre () DATARESCUE COM (Pierre Vandevenne)
Date: Fri, 23 Jun 2000 23:43:07 +0200

On Fri, 23 Jun 2000 13:56:53 -0700 (PDT), Max Vision wrote:


I really don't have time to get into this, but I need to at least clarify
that I was *not* talking about an after-the-fact insertion of NOPs, I was
talking about having code enginered from the start.  Offsets, byte/word
boundaries, etc are not an issue at the level that I was refering to :)


OK I see - but that really has been explored inside out and is
extremely easy to handle (in terms of detection).

See for example this virus ( yeah, I am biased ;-) )

http://www.europe.f-secure.com/v-descs/bombtrac.htm

I have a suggestion - if there is anyone interested in those
polymorphic techniques e-mail me directly - assembly routines and the
history of polymorphism might be a bit heavy for this list...


---
http://www.datarescue.com/idabase/ida.htm
IDA Pro 4.1 - Yes, we have done it again !
Previous By Date Next
Previous By Thread Next

Current thread: