Vulnerability Development mailing list archives
Re: Another new worm??? (technical)
From: 11a () GMX NET (Bluefish)
Date: Sat, 24 Jun 2000 03:51:02 +0200
I wonder if this has a useful implementation: instructions a, b, and c written as a b c or a nop b bop c nop
I have my doubt. Assume some code to be moderatly advanced, then it's likely to be using all or almost all registers. If a nop suddenly becomes a none-nop, it most likely will cause a failure. And chaning one nop into another nop (like going from XCHG AH,AH to MOV AH,AH) should, if the scanner is decently coded, make no difference. Besides, in lowlevel (assembly) viruses, you typically use polymorphic encryption which seems a lot more intelligent/scientific than randomly changing one instruction of the machine code. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Re: Another new worm???, (continued)
- Re: Another new worm??? Joe Gee (Jun 20)
- Re: Another new worm??? Dan Schrader (Jun 21)
- Re: Another new worm??? Bennett Todd (Jun 21)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 22)
- Re: Another new worm??? (technical) Bluefish (Jun 23)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 23)
- Re: Another new worm??? (technical) Max Vision (Jun 23)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 23)
- Re: Another new worm??? (technical) Max Vision (Jun 23)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 23)
- Re: Another new worm??? Bennett Todd (Jun 21)
- Re: Another new worm??? (technical) Bluefish (Jun 23)
- Re: Another new worm??? (technical) Bluefish (Jun 23)
- Capturing System Calls Green Charles Contr AFRL/IFGB (Jun 22)
- Re: Capturing System Calls Christofer C. Bell (Jun 22)
- Re: Capturing System Calls Steve Mosher (Jun 22)
- Re: Capturing System Calls Chon-Chon Tang (Jun 22)
- Re: Capturing System Calls Jonathan Leto (Jun 22)
- Re: Capturing System Calls Michal Zalewski (Jun 22)
- Re: Capturing System Calls Ryan Permeh (Jun 22)
- Re: Capturing System Calls Pavel Kankovsky (Jun 22)
- Re: Capturing System Calls Todd Garrison (Jun 22)