Viruses and Anti-Viruses
Plan of talk
Kinds of malware
Worms
Worm propagation leverages network connectivity.
Spyware
Trojan horses
A Trojan leverages gullible users.
Adware
The functional logic of a virus
A virus needs a host.
Virus propagation leverages user connectivity.
Detection Technologies
Virus (Malware) Identification: antivirus scanners use extracted patterns, or "signatures", to identify known malware.
Static Signature
Static signature example (hex bytes; ?? stands for any one byte):
    8BEF 33C0 BF ?? ???? ?? 03 FDB9 ?? 0A 0000 8A85 ???? ???? 3007 47E2 FBEB
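The wildcard signature above, as an added example that is not from the slides: a small scanner that compiles such a pattern into a bytes regex, runs it over sample buffers, and reports how many of the pattern's bytes are actually fixed (a pattern with few fixed bytes matches clean files too). The sample buffers, the function names and the wildcard fill values are constructed for this example; no real malware is involved.

```python
"""Static-signature scanning with wildcard bytes.

Added example, not the slides' scanner: it compiles a signature in the form
shown above ('??' = any one byte) into a bytes regex, scans a buffer for it,
and reports how many bytes of the pattern are actually fixed. The sample
buffers are constructed here and are not real malware.
"""
import re

# The slide's example signature: 28 bytes, 9 of them wildcards.
SLIDE_SIGNATURE = "8BEF 33C0 BF ?? ???? ?? 03 FDB9 ?? 0A 0000 8A85 ???? ???? 3007 47E2 FBEB"


def tokenize(sig):
    """Split a spaced hex/wildcard string into one token per byte ('8B', 'EF', '??', ...)."""
    compact = sig.replace(" ", "")
    tokens = re.findall(r"\?\?|[0-9A-Fa-f]{2}", compact)
    if "".join(tokens) != compact:
        raise ValueError("signature is not a whole number of bytes: " + sig)
    return tokens


def compile_signature(sig):
    """Build a bytes regex: fixed bytes become escaped literals, '??' becomes '.' (DOTALL)."""
    parts = [b"." if t == "??" else re.escape(bytes([int(t, 16)])) for t in tokenize(sig)]
    return re.compile(b"".join(parts), re.DOTALL)


def signature_stats(sig):
    """(total bytes, fixed bytes): few fixed bytes means a weak, false-positive-prone signature."""
    tokens = tokenize(sig)
    return len(tokens), sum(t != "??" for t in tokens)


def scan(data, sig):
    """Offsets in `data` at which the signature matches."""
    return [m.start() for m in compile_signature(sig).finditer(data)]


def instantiate(sig, wildcard_fill):
    """Materialise the signature into concrete bytes, filling each '??' from `wildcard_fill`."""
    fill = iter(wildcard_fill)
    return bytes(next(fill) if t == "??" else int(t, 16) for t in tokenize(sig))


# Constructed samples: NOP / INT3 padding around one instance of the pattern.
SAMPLE_INFECTED = (b"\x90" * 37
                   + instantiate(SLIDE_SIGNATURE, [0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99])
                   + b"\xCC" * 16)
# Same code with different bytes in the wildcard positions: still caught.
SAMPLE_VARIANT = b"\x00" * 5 + instantiate(SLIDE_SIGNATURE, [0xAA] * 9)
# One fixed byte changed (C0 -> C1): the signature no longer fires.
SAMPLE_CLEAN = SAMPLE_INFECTED.replace(b"\x8B\xEF\x33\xC0", b"\x8B\xEF\x33\xC1")

if __name__ == "__main__":
    print("pattern bytes / fixed bytes:", signature_stats(SLIDE_SIGNATURE))
    for name, buf in (("infected", SAMPLE_INFECTED), ("variant", SAMPLE_VARIANT), ("clean", SAMPLE_CLEAN)):
        print(f"{name:9s} -> matches at {scan(buf, SLIDE_SIGNATURE)}")
```

The variant buffer shows why wildcards exist: bytes that differ between infections (addresses, counters) are masked out so one signature covers them, while the clean buffer shows how brittle a pure byte pattern is, since a one-byte change in a fixed position defeats it.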
Dynamic Signature
Attacking Integrity Checkers
Attacking static signatures: metamorphism (figure: the metamorphic engine M rewrites virus form A into further forms B and C)
Metamorphism Example (one store instruction and its rewrites):

    ; form 1
    mov [ebp-3], eax

    ; form 2: the address is built in ecx and esi, which are saved and restored
    push ecx
    mov ecx, ebp
    add ecx, 33
    push esi
    mov esi, ecx
    sub esi, 34
    mov [esi-2], eax
    pop esi
    pop ecx

    ; form 3: the constants are loaded into registers first
    push ecx
    mov ecx, ebp
    push eax
    mov eax, 33
    add ecx, eax
    pop eax
    push esi
    mov esi, ecx
    push edx
    mov edx, 34
    sub esi, edx
    pop edx
    mov [esi-2], eax
    pop esi
    pop ecx

    ; form 4: form 3 with extra instructions mixed in
    push ecx
    mov ecx, [ebp+10]
    mov ecx, ebp
    push eax
    add eax, 2342
    mov eax, 33
    add ecx, eax
    pop eax
    mov eax, esi
    push eax
    mov esi, ecx
    push edx
    xor edx, 778f
    mov edx, 34
    sub esi, edx
    pop edx
    mov [esi-2], eax
    pop esi
    pop ecx

    ; form 5: collapsed to a single indexed store
    push ecx
    mov ecx, ebp
    add ecx, 33
    mov [ecx-36], eax
    pop ecx
Attacking static signatures: metamorphism (figure: forms A, B and C of the virus). Too many signatures overwhelm the AV scanner; issuing a different signature for every variant does not scale.
Attacking Behavior Monitors
"Undo" Metamorphism (the slide repeats the Metamorphism Example listing)
Detecting Metamorphism
Code Emulation
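For the Detecting Metamorphism and Code Emulation slides, an added example that is not the slides' tool: a concrete interpreter for the handful of x86 instructions used in the Metamorphism Example (mov, add, sub, xor, push, pop). Instead of matching bytes, it runs each variant from one fixed starting state and compares what the code did: the memory it wrote and the register and stack state it left behind. Immediates are treated as hex, as in the listing (it contains 778f). FORM_JUNK, FORM_BAD and the starting register values are constructed for this example.

```python
"""Detecting metamorphism by comparing what code does, not how it looks.

Added example (not the slides' tool): a concrete interpreter for the x86 subset
used in the Metamorphism Example (mov/add/sub/xor/push/pop). Each variant is run
from the same starting state and its effect, the memory it wrote plus the
registers and stack it left behind, is compared. Immediates are hex, as in the
slide's listing. FORM_JUNK and FORM_BAD are constructed for this example.
"""
import re

MASK = 0xFFFFFFFF
REGS = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")
MEM_RE = re.compile(r"\[\s*(\w+)\s*([+-])\s*([0-9a-fA-F]+)\s*\]")

# Variants from the slide, one instruction per ';'-separated item.
FORM_A = "mov [ebp-3], eax"
FORM_B = ("push ecx; mov ecx, ebp; add ecx, 33; push esi; mov esi, ecx; "
          "sub esi, 34; mov [esi-2], eax; pop esi; pop ecx")
FORM_C = ("push ecx; mov ecx, ebp; push eax; mov eax, 33; add ecx, eax; pop eax; "
          "push esi; mov esi, ecx; push edx; mov edx, 34; sub esi, edx; pop edx; "
          "mov [esi-2], eax; pop esi; pop ecx")
FORM_D = "push ecx; mov ecx, ebp; add ecx, 33; mov [ecx-36], eax; pop ecx"
# Constructed: FORM_C with dead 'junk' instructions whose results are overwritten
# before they are ever read (the kind of padding a metamorphic engine inserts).
FORM_JUNK = ("push ecx; mov ecx, [ebp+10]; mov ecx, ebp; push eax; add eax, 2342; "
             "mov eax, 33; add ecx, eax; pop eax; push esi; mov esi, ecx; push edx; "
             "xor edx, 778f; mov edx, 34; sub esi, edx; pop edx; mov [esi-2], eax; "
             "pop esi; pop ecx")
# Constructed: looks like FORM_D but stores one byte lower, so it is NOT the same code.
FORM_BAD = "push ecx; mov ecx, ebp; add ecx, 33; mov [ecx-37], eax; pop ecx"


class Machine:
    """Concrete state: 32-bit registers, a stack list and a sparse byte-addressed memory."""

    def __init__(self, regs):
        self.regs, self.stack, self.mem, self.writes = dict(regs), [], {}, {}

    def _addr(self, op):
        base, sign, disp = MEM_RE.fullmatch(op).groups()
        return (self.regs[base] + (1 if sign == "+" else -1) * int(disp, 16)) & MASK

    def read(self, op):
        if op in REGS:
            return self.regs[op]
        if op.startswith("["):
            a = self._addr(op)  # memory never written yields a fixed, address-dependent value
            return self.mem.get(a, (a * 0x9E3779B1) & MASK)
        return int(op, 16)

    def write(self, op, val):
        val &= MASK
        if op in REGS:
            self.regs[op] = val
        else:
            a = self._addr(op)
            self.mem[a] = self.writes[a] = val

    def step(self, insn):
        mnem, _, rest = insn.strip().partition(" ")
        ops = [o.strip() for o in rest.split(",")] if rest else []
        if mnem == "mov":
            self.write(ops[0], self.read(ops[1]))
        elif mnem in ("add", "sub", "xor"):
            a, b = self.read(ops[0]), self.read(ops[1])
            self.write(ops[0], {"add": a + b, "sub": a - b, "xor": a ^ b}[mnem])
        elif mnem == "push":
            self.stack.append(self.read(ops[0]))
        elif mnem == "pop":
            self.write(ops[0], self.stack.pop())
        else:
            raise ValueError("unsupported instruction: " + insn)


def effect(asm):
    """Observable effect of `asm` from a fixed start: (memory writes, final registers, stack)."""
    init = dict.fromkeys(REGS, 0)
    init.update(eax=0xDEADBEEF, ebp=0x00400100, ecx=0x11111111, edx=0x22222222, esi=0x33333333)
    m = Machine(init)
    for insn in asm.split(";"):
        if insn.strip():
            m.step(insn)
    return m.writes, m.regs, m.stack


def equivalent(a, b):
    """Two sequences count as the same code, for detection purposes, if their effects match."""
    return effect(a) == effect(b)


if __name__ == "__main__":
    for name, form in (("B", FORM_B), ("C", FORM_C), ("D", FORM_D), ("JUNK", FORM_JUNK), ("BAD", FORM_BAD)):
        print(f"FORM_{name} equivalent to FORM_A: {equivalent(FORM_A, form)}")
```

The design choice is the one behind emulation-based detection: an engine can rewrite the bytes freely, but it cannot change what the virus body must do, so a detector that records effects (here, one 4-byte store at ebp-3 with every other register restored) sees through register renaming, constant folding in reverse and dead junk alike. A single concrete run is a heuristic, not a proof of equivalence; the starting state is fixed so that two sequences differing only on some input would still need a second run with other values to be told apart.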
Virus Phylogeny (figure): a family tree relating the mass-mailer variants W32/Bagle.a@mm, W32/Bagle.j@mm, W32/Bagle.u@mm, W32/Bagle.ao@mm, W32/Klez.e@MM, W32/Klez.f@MM, W32/Klez.i@MM, W32.NetSky.A, W32.NetSky.B, W32.NetSky.D, W32/NetSky.A, W32/NetSky.B and W32/Bugbear.17916intd; some nodes are unlabelled (??).
Virus Phylogeny (figure): the same tree with nodes labelled under both the Symantec and the McAfee naming schemes (W32/Bagle.aq@mm also appears).
Deobfuscator of Calls (DOC): call obfuscation to prevent static analysis

    NORMAL CALL            OBFUSCATED CALL
    L0:  call L5           L0a: push L1     ; return address
                           L0b: push L5     ; target
                           L0c: ret         ; "returns" into L5 with L1 on the stack
    L1:  …                 L1:  …
    L2:  …                 L2:  …
    L3:  …                 L3:  …
    L4:  …                 L4:  …
    L5:  <proc>            L5:  <proc>
    L6:  …                 L6:  …

DOC: Deobfuscator of Calls (figure)
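The push/push/ret rewrite above, as an added example that is not the DOC tool from the slides: a pattern-based deobfuscator over a constructed text disassembly. It folds "push ret; push target; ret" back into "call target" only when the pushed return address really is the instruction after the ret, and, going one step beyond the slide, folds a bare "push target; ret" into "jmp target". The listing format, the addresses and the function names are this example's own.

```python
"""Deobfuscator of Calls (DOC): fold 'push <ret>; push <target>; ret' back into 'call <target>'.

Added example, not the slides' DOC tool. It works on a constructed text
disassembly, one instruction per line as '<hex addr>: <mnemonic> [operands]'.
The rewrite is applied only when the first pushed value equals the address of
the instruction following the ret, i.e. when the triple really behaves like a call.
"""
import re

LINE_RE = re.compile(r"^\s*([0-9a-fA-F]+):\s*(\w+)(?:\s+(.+?))?\s*$")

# Constructed listing: one obfuscated call, one 'push; ret' jump, one real procedure.
OBFUSCATED = """
1000: push 1003      ; return address = the instruction after the ret
1001: push 2000      ; the real target
1002: ret            ; 'returns' into 2000, leaving 1003 on the stack for it
1003: mov eax, 1
1004: push 3000
1005: ret            ; no return address was pushed: this is just a jmp 3000
1006: nop
2000: xor eax, eax   ; <proc>
2001: ret
3000: nop
"""


def parse(listing):
    """Return [(addr, mnemonic, operand_text_or_None)] for every non-empty line."""
    insns = []
    for raw in listing.strip().splitlines():
        line = raw.split(";")[0].rstrip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unparseable line: " + raw)
        addr, mnem, ops = m.groups()
        insns.append((int(addr, 16), mnem.lower(), ops))
    return insns


def _imm(ops):
    """Immediate operand as an int, or None for a register/memory operand."""
    try:
        return int(ops, 16) if ops is not None else None
    except ValueError:
        return None


def _fmt(addr, mnem, ops=None):
    return f"{addr:04x}: {mnem}" + (f" {ops}" if ops else "")


def deobfuscate(listing):
    """Rewrite the listing; returns (lines, calls_recovered, jmps_recovered)."""
    insns = parse(listing)
    out, calls, jmps, i = [], 0, 0, 0
    while i < len(insns):
        addr, mnem, ops = insns[i]
        nxt = insns[i + 1] if i + 1 < len(insns) else None
        nxt2 = insns[i + 2] if i + 2 < len(insns) else None
        # push <ret>; push <target>; ret   ==   call <target>
        if (mnem == "push" and nxt and nxt2 and nxt[1] == "push"
                and nxt2[1] == "ret" and nxt2[2] is None):
            ret_addr, target = _imm(ops), _imm(nxt[2])
            fallthrough = insns[i + 3][0] if i + 3 < len(insns) else None
            if None not in (ret_addr, target) and ret_addr == fallthrough:
                out.append(_fmt(addr, "call", f"{target:04x}"))
                calls, i = calls + 1, i + 3
                continue
        # push <target>; ret   ==   jmp <target>  (nothing is left on the stack to return to)
        if (mnem == "push" and nxt and nxt[1] == "ret" and nxt[2] is None
                and _imm(ops) is not None):
            out.append(_fmt(addr, "jmp", f"{_imm(ops):04x}"))
            jmps, i = jmps + 1, i + 2
            continue
        out.append(_fmt(addr, mnem, ops))
        i += 1
    return out, calls, jmps


if __name__ == "__main__":
    lines, calls, jmps = deobfuscate(OBFUSCATED)
    print(f"recovered {calls} call(s) and {jmps} jmp(s)")
    print("\n".join(lines))
```

The fall-through check matters: a push of some other value followed by push/ret is a jump with an argument left on the stack, not a call, and rewriting it as one would give the analyst a wrong control-flow graph. Real obfuscators also separate the three instructions with filler, which this adjacency-only matcher does not handle.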
Timid
What the Timid virus does
Overwriting Viruses
Difference Between .COM and .EXE files
How to Write a .COM program
How to assemble it
Example of .COM code
A .BAT file
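For the .COM and .EXE slides above, an added example that is not the slides' code: a hand-assembled "print a string and exit" .COM image (the classic INT 21h program), a helper that wraps a raw image in a minimal MZ header, and a classifier that tells the two formats apart by the header and the 64 KiB limit. The function names and constants are this example's own, and nothing is written to disk.

```python
"""Telling DOS .COM and .EXE images apart, and hand-assembling a minimal .COM.

Added example, not the slides' code. A .COM file is a raw memory image loaded
at offset 100h (right after the 256-byte PSP), so it needs no header and cannot
exceed one 64 KiB segment; an .EXE starts with an 'MZ' header that tells the
loader the image size, relocation count and entry CS:IP. The .COM built here is
the classic 'print a string and exit' program; nothing touches the disk.
"""
import struct

COM_LOAD_OFFSET = 0x100           # org 100h: code starts right after the PSP
COM_MAX_SIZE = 0x10000 - 0x100    # 65,280 bytes: one segment minus the PSP


def assemble_hello_com(message="Hello from a .COM file"):
    """Hand-encode: mov ah,9 / mov dx,msg / int 21h / mov ax,4C00h / int 21h / msg db '...$'."""
    text = message.encode("ascii") + b"$"            # INT 21h AH=09h prints up to '$'
    msg_addr = COM_LOAD_OFFSET + 12                  # the five instructions take 12 bytes
    return (b"\xB4\x09"                              # mov ah, 09h
            + b"\xBA" + struct.pack("<H", msg_addr)  # mov dx, offset msg
            + b"\xCD\x21"                            # int 21h
            + b"\xB8\x00\x4C"                        # mov ax, 4C00h
            + b"\xCD\x21"                            # int 21h
            + text)


def make_minimal_exe(image):
    """Wrap a raw image in a 32-byte MZ header: no relocations, entry CS:IP = 0000:0000."""
    header_size = 0x20
    pages, last = divmod(header_size + len(image), 512)
    if last:
        pages += 1
    fields = (b"MZ", last, pages, 0, header_size // 16,   # magic, e_cblp, e_cp, e_crlc, e_cparhdr
              0, 0xFFFF, 0, 0x100,                         # e_minalloc, e_maxalloc, e_ss, e_sp
              0, 0, 0, 0x1C, 0)                            # e_csum, e_ip, e_cs, e_lfarlc, e_ovno
    return struct.pack("<2s13H", *fields).ljust(header_size, b"\0") + image


def classify_dos_executable(data):
    """('EXE', header info) / ('COM', info) / ('INVALID', reason) for a file's bytes."""
    if data[:2] == b"MZ":
        if len(data) < 0x1C:
            return "INVALID", "truncated MZ header"
        e_cblp, e_cp, e_crlc, e_cparhdr = struct.unpack_from("<4H", data, 2)
        e_ip, e_cs = struct.unpack_from("<2H", data, 0x14)
        image_size = (e_cp - 1) * 512 + e_cblp if e_cblp else e_cp * 512
        return "EXE", {"header_bytes": e_cparhdr * 16, "image_size": image_size,
                       "relocations": e_crlc, "entry": (e_cs, e_ip)}
    if not data:
        return "INVALID", "empty file"
    if len(data) > COM_MAX_SIZE:
        return "INVALID", f"{len(data)} bytes does not fit a .COM image"
    # No header at all: DOS copies the bytes to CS:0100h and jumps there.
    return "COM", {"image_size": len(data), "entry": (None, COM_LOAD_OFFSET)}


if __name__ == "__main__":
    com = assemble_hello_com()
    print("COM image:", com.hex(" "))
    print(classify_dos_executable(com))
    print(classify_dos_executable(make_minimal_exe(com)))
```

The hard-coded 010Ch in the mov dx is the whole point of "org 100h": a .COM program is assembled assuming it lands at that offset, which is also why a file-infecting .COM virus must patch its jump and data references relative to wherever it gets appended. The classifier checks the extension-independent facts, the MZ magic and the size limit, because DOS itself decides by the header, not by the file name.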
 
TIMID: the host of our virus (figure)

Labels in the Timid listing, each with its own slide: Host, virus, VIRUS_START, GET_START, EXIT_VIRUS, START_CODE, FIND_FILE, FF_LOOP, FF_DONE, FILE_OK, FOK_NZEND, FOK_ZEND, INFECT, FINAL
Summary
