|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Why not a changeling?
From: sigipp
WELLA.COM.BRDate: Mon May 22 2000 - 06:58:29 CDT
- Next message: Prentner, Karl: "Re: Outlook HTML VBS (demo)"
- Previous message: PCbob - Slobodan miskoviC: "Re: Outlook HTML VBS (demo)"
- Maybe in reply to: Daniel Petzen: "Why not a changeling?"
- Next in thread: Jeff Bachtel: "Re: Why not a changeling?"
- Next in thread: Michael Wojcik: "Re: Why not a changeling?"
- Maybe reply: sigippWELLA.COM.BR: "Re: Why not a changeling?"
- Reply: Jeff Bachtel: "Re: Why not a changeling?"
- Reply: Daniel Petzen: "Re: Why not a changeling?"
- Reply: Michael H. Warfield: "Re: Why not a changeling?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
Just one question (may be i did not understand the whole thing): If a virus is
built of two parts, a "payload" and a scrambler/descrambler with proprietary
algoritm, the virus scanners do not depend on detecting the "payload", they
simply depend on detecting the scrambler.
Well, you could scramble the scrambler, but you see...
The only thing i can imagine is, using a standard scrambler (like md5), which is
installed at the user and is not part of the virus. The result of the scrambler
should depend on a key (unlike simple compacting, zip and the like), and this
key should be part of the virus, and on reduplicating itself, it should randomly
generate a new key.
A real amazing idea would be, create a scrambled virus, which, when descrambled
with one key, result in one virus, and when descrambled with another key, should
result in another virus. Well, but thatīs utopia.
If i missed anything, let me know.
Greetings
Siegfried Gipp
- Next message: Prentner, Karl: "Re: Outlook HTML VBS (demo)"
- Previous message: PCbob - Slobodan miskoviC: "Re: Outlook HTML VBS (demo)"
- Maybe in reply to: Daniel Petzen: "Why not a changeling?"
- Next in thread: Jeff Bachtel: "Re: Why not a changeling?"
- Next in thread: Michael Wojcik: "Re: Why not a changeling?"
- Maybe reply: sigippWELLA.COM.BR: "Re: Why not a changeling?"
- Reply: Jeff Bachtel: "Re: Why not a changeling?"
- Reply: Daniel Petzen: "Re: Why not a changeling?"
- Reply: Michael H. Warfield: "Re: Why not a changeling?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]