SlideShare uma empresa Scribd logo

Viruses and Anti-Viruses

Transferir como PPS, PDF
Ayman Hussein
Ayman Hussein

Viruses, Anti-virus and Anti-anti-virus Techniques . Timid Virus Example with it's assembly code

Aperfeiçoamento pessoal
1 de 64
 
Plan of talk ,[object Object],[object Object],[object Object],[object Object],[object Object]
Kinds of malware ,[object Object],[object Object],[object Object],[object Object]
Worms ,[object Object]
Worm Propagation Leverage Network Connectivity
Spyware ,[object Object],[object Object]
Trojan horses ,[object Object],[object Object]
Trojan Leverages gullible users
Adware ,[object Object]
The functional logic of a virus ,[object Object],[object Object],[object Object],[object Object],[object Object]
Virus Virus – Needs a host V
Virus Propagation Leverage User Connectivity
Detection Technologies ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Virus (Malware) Identification Anti-Virus Signature Virus Form - A Antivirus scanners use extracted patterns, or “signatures” to identify known malware. Signature
Static Signature ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Static Signature Ex:- 8BEF 33C0 BF ?? ???? ?? 03 FDB9 ?? 0A 0000 8A85 ???? ???? 3007 47E2 FBEB
Dynamic Signature ,[object Object],[object Object]
Attacking Integrity Checkers ,[object Object],[object Object],[object Object],[object Object]
Attacking static signature - Metamorphism Virus Form - C M M Virus Virus Form - A Form - B ,[object Object],[object Object]
Metamorphism Example mov [ebp - 3], eax push ecx mov ecx,ebp add ecx,33 push esi mov esi,ecx sub esi,34 mov [esi-2],eax pop esi pop ecx push ecx mov ecx, ebp push eax mov eax, 33 add ecx, eax pop eax push esi mov esi, ecx push edx mov edx, 34 sub esi, edx pop edx mov [esi - 2], eax pop esi pop ecx push ecx mov ecx, [ebp + 10] mov ecx, ebp push eax add eax, 2342 mov eax, 33 add ecx, eax pop eax mov eax, esi push eax mov esi, ecx push edx xor edx, 778f mov edx, 34 sub esi, edx pop edx mov [esi-2], eax pop esi pop ecx push ecx mov ecx,ebp add ecx,33 mov [ecx-36],eax pop ecx
Attacking static signature- Metamorphism Anti-Virus Signature Virus Form - C M M Virus Virus Form - A Form - B Too many signatures challenge the AV Scanner Using different signatures for most variants cannot scale.
Attacking Behavior Monitors ,[object Object]
“ Undo” Metamorphism mov [ebp - 3], eax push ecx mov ecx,ebp add ecx,33 push esi mov esi,ecx sub esi,34 mov [esi-2],eax pop esi pop ecx push ecx mov ecx, ebp push eax mov eax, 33 add ecx, eax pop eax push esi mov esi, ecx push edx mov edx, 34 sub esi, edx pop edx mov [esi - 2], eax pop esi pop ecx push ecx mov ecx, [ebp + 10] mov ecx, ebp push eax add eax, 2342 mov eax, 33 add ecx, eax pop eax mov eax, esi push eax mov esi, ecx push edx xor edx, 778f mov edx, 34 sub esi, edx pop edx mov [esi-2], eax pop esi pop ecx push ecx mov ecx,ebp add ecx,33 mov [ecx-36],eax pop ecx
Detecting Metamorphism ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Code Emulation ,[object Object]
Virus Phylogeny [email_address] W32/Bagle.j@mm [email_address] W32/Klez.i@MM W32/NetSky.B [email_address] [email_address] [email_address] [email_address] W32/Bagle.a@mm [email_address] W32/Klez.f@MM W32/Bagle.ao@mm W32/Bagle.u@mm W32/Klez.e@MM W32.NetSky.D W32.NetSky.B W32.NetSky.A W32/Bugbear.17916intd W32/NetSky.A ??
Virus Phylogeny [email_address] [email_address] [email_address] [email_address] [email_address] [email_address] W32/Bagle.a@mm W32/Bagle.j@mm [email_address] W32/Klez.i@MM W32/Klez.f@MM W32/Bagle.aq@mm W32/Bagle.u@mm W32/Klez.e@MM W32.NetSky.D W32.NetSky.B W32.NetSky.A W32/Bugbear.17916intd W32/NetSky.B W32/NetSky.A ?? ?? Symantec McAfee
Deobfuscator of Calls NORMAL CALL L0: call L5 L1: … L2: … L3: … L4: … L5: <proc> L6: … Call Obfsucations to prevent static analysis OBFUSCATED CALL L0a: push L1 L0b: push L5 L0c: ret L1: … L2: … L3: … L4: … L5: <proc> L6: …
DOC: Deobfuscator of Calls DOC
Timid ,[object Object]
What Timid Virus do ,[object Object],[object Object],[object Object]
Overwriting Viruses
Overwriting Viruses
Overwriting Viruses
Overwriting Viruses
Difference Between .COM and .EXE files ,[object Object],[object Object],[object Object]
Difference Between .COM and .EXE files
How to Write a .COM program ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How to assemble it
Example of .COM code ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
A.BAT file ,[object Object]
 
TIMID The Host of our Virus TIMID
labels
Host ,[object Object],[object Object]
virus ,[object Object]
VIRUS_START ,[object Object],[object Object]
GET_START ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
EXIT_VIRUS ,[object Object],[object Object]
START_CODE ,[object Object],[object Object]
FIND_FILE ,[object Object],[object Object]
FF_LOOP ,[object Object],[object Object],[object Object]
FF_DONE ,[object Object]
FILE_OK ,[object Object],[object Object]
FOK_NZEND ,[object Object]
FOK_ZEND ,[object Object]
INFECT ,[object Object]
FINAL ,[object Object]
Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recomendados

Computer viruses
Computer virusesComputer viruses
Computer virusesImran Khan
 
Virus
VirusVirus
VirusMukul Kumar
 
Computer virus
Computer virusComputer virus
Computer virusUtchi
 
Malware
MalwareMalware
MalwareHarshdeep Singh
 
Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 
Malicious software group 24
Malicious software group 24Malicious software group 24
Malicious software group 24Muhammad Zain
 
Computer Virus
Computer VirusComputer Virus
Computer VirusRajah Anuragavan
 
Virus and antivirus final ppt
Virus and antivirus final pptVirus and antivirus final ppt
Virus and antivirus final pptaritradutta22
 

Recomendados

Computer viruses
Computer virusesComputer viruses
Computer virusesImran Khan
 
Virus
VirusVirus
VirusMukul Kumar
 
Computer virus
Computer virusComputer virus
Computer virusUtchi
 
Malware
MalwareMalware
MalwareHarshdeep Singh
 
Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 
Malicious software group 24
Malicious software group 24Malicious software group 24
Malicious software group 24Muhammad Zain
 
Computer Virus
Computer VirusComputer Virus
Computer VirusRajah Anuragavan
 
Virus and antivirus final ppt
Virus and antivirus final pptVirus and antivirus final ppt
Virus and antivirus final pptaritradutta22
 
Computer Virus
Computer VirusComputer Virus
Computer VirusDebraj Chatterjee
 
Trojan horse
Trojan horseTrojan horse
Trojan horseGaurang Rathod
 
computer virus
computer viruscomputer virus
computer virusKunal Yadav
 
Computer virus
Computer virusComputer virus
Computer virusRahul Baghla
 
Different types of computer viruses
Different types of computer virusesDifferent types of computer viruses
Different types of computer virusestheonlineguru
 
virus,worms & analysis
virus,worms & analysis virus,worms & analysis
virus,worms & analysisPriyatham Galisetty
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software rajakhurram
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseSpandan Patnaik
 
Presentación1
Presentación1Presentación1
Presentación1Alex Figueroa
 
Learning malware for fun and profit
Learning malware for fun and profitLearning malware for fun and profit
Learning malware for fun and profitsr1nu
 
Malicious
MaliciousMalicious
MaliciousKhyati Rajput
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identificationsandeep shergill
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwaresMirza Adnan Baig
 
Computer Worms
Computer WormsComputer Worms
Computer Wormssadique_ghitm
 
What is virus and methods to recover from different types of viruses
What is virus and methods to recover from different types of virusesWhat is virus and methods to recover from different types of viruses
What is virus and methods to recover from different types of virusesAjay Sharma
 
Introductio to Virus
Introductio to VirusIntroductio to Virus
Introductio to VirusUniversity of Sindh, Jamshoro
 
Compter virus and its solution
Compter virus and its solutionCompter virus and its solution
Compter virus and its solutionManoj Dongare
 
Virus&malware
Virus&malwareVirus&malware
Virus&malwareRobin Garza
 
Computer virus 2
Computer virus 2Computer virus 2
Computer virus 2Nishant Reshwal
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To MalwaresCyber Vignan
 
Network Topologies
Network TopologiesNetwork Topologies
Network Topologiesdbrown1
 
Podcasting
PodcastingPodcasting
Podcastingrubenduran
 

Mais conteúdo relacionado

Mais procurados

Different types of computer viruses
Different types of computer virusesDifferent types of computer viruses
Different types of computer virusestheonlineguru
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software rajakhurram
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseSpandan Patnaik
 
Learning malware for fun and profit
Learning malware for fun and profitLearning malware for fun and profit
Learning malware for fun and profitsr1nu
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identificationsandeep shergill
 
What is virus and methods to recover from different types of viruses
What is virus and methods to recover from different types of virusesWhat is virus and methods to recover from different types of viruses
What is virus and methods to recover from different types of virusesAjay Sharma
 
Compter virus and its solution
Compter virus and its solutionCompter virus and its solution
Compter virus and its solutionManoj Dongare
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To MalwaresCyber Vignan
 

Mais procurados (20)

Computer Virus
Computer VirusComputer Virus
Computer Virus
 
Trojan horse
Trojan horseTrojan horse
Trojan horse
 
computer virus
computer viruscomputer virus
computer virus
 
Computer virus
Computer virusComputer virus
Computer virus
 
Different types of computer viruses
Different types of computer virusesDifferent types of computer viruses
Different types of computer viruses
 
virus,worms & analysis
virus,worms & analysis virus,worms & analysis
virus,worms & analysis
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horse
 
Presentación1
Presentación1Presentación1
Presentación1
 
Learning malware for fun and profit
Learning malware for fun and profitLearning malware for fun and profit
Learning malware for fun and profit
 
Malicious
MaliciousMalicious
Malicious
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
 
What is virus and methods to recover from different types of viruses
What is virus and methods to recover from different types of virusesWhat is virus and methods to recover from different types of viruses
What is virus and methods to recover from different types of viruses
 
Introductio to Virus
Introductio to VirusIntroductio to Virus
Introductio to Virus
 
Compter virus and its solution
Compter virus and its solutionCompter virus and its solution
Compter virus and its solution
 
Virus&malware
Virus&malwareVirus&malware
Virus&malware
 
Computer virus 2
Computer virus 2Computer virus 2
Computer virus 2
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To Malwares
 

Destaque

Network Topologies
Network TopologiesNetwork Topologies
Network Topologiesdbrown1
 
Computer Network
Computer NetworkComputer Network
Computer NetworkCma Mohd
 
Computer networking devices
Computer networking devicesComputer networking devices
Computer networking devicesRajesh Sadhukha
 
Dasar dasar virus komputer
Dasar dasar virus komputerDasar dasar virus komputer
Dasar dasar virus komputerreadoneitz
 
Computer Ergonomics
Computer ErgonomicsComputer Ergonomics
Computer ErgonomicsYavira Marte
 
Customer handling
Customer handlingCustomer handling
Customer handlingSamik Pal
 
Chap. 4 types of consumer
Chap. 4 types of consumerChap. 4 types of consumer
Chap. 4 types of consumerMagiel Amora
 
Open Source Shareware Freeware
Open Source Shareware FreewareOpen Source Shareware Freeware
Open Source Shareware FreewareWilliam Stites
 
Utility software
Utility softwareUtility software
Utility softwareadeang47
 
Types of customers and their needs
Types of customers and their needsTypes of customers and their needs
Types of customers and their needsGuillaume T Mbenoun
 

Destaque (20)

Network Topologies
Network TopologiesNetwork Topologies
Network Topologies
 
Podcasting
PodcastingPodcasting
Podcasting
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Computer Network
Computer NetworkComputer Network
Computer Network
 
Computer networking devices
Computer networking devicesComputer networking devices
Computer networking devices
 
Dasar dasar virus komputer
Dasar dasar virus komputerDasar dasar virus komputer
Dasar dasar virus komputer
 
Printer
PrinterPrinter
Printer
 
Computer Ergonomics
Computer ErgonomicsComputer Ergonomics
Computer Ergonomics
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Software
SoftwareSoftware
Software
 
Storage Devices
Storage DevicesStorage Devices
Storage Devices
 
Customer handling
Customer handlingCustomer handling
Customer handling
 
How Motherboards Work
How Motherboards WorkHow Motherboards Work
How Motherboards Work
 
Windows Utilities
Windows UtilitiesWindows Utilities
Windows Utilities
 
Chap. 4 types of consumer
Chap. 4 types of consumerChap. 4 types of consumer
Chap. 4 types of consumer
 
Open Source Shareware Freeware
Open Source Shareware FreewareOpen Source Shareware Freeware
Open Source Shareware Freeware
 
Utility software
Utility softwareUtility software
Utility software
 
Types of customers and their needs
Types of customers and their needsTypes of customers and their needs
Types of customers and their needs
 
spam
spamspam
spam
 
Types Of Customers
Types Of CustomersTypes Of Customers
Types Of Customers
 

Semelhante a Viruses and Anti-Viruses

Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Sality, a parasitic virus gets a upgrade – TotalDefense Blog
Sality, a parasitic virus gets a upgrade – TotalDefense BlogSality, a parasitic virus gets a upgrade – TotalDefense Blog
Sality, a parasitic virus gets a upgrade – TotalDefense BlogTotalDefense
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Computer Viruses and Classification lecture slides ppt
Computer Viruses and Classification lecture slides pptComputer Viruses and Classification lecture slides ppt
Computer Viruses and Classification lecture slides pptOsama Yousaf
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
Viruses & Malware
Viruses & MalwareViruses & Malware
Viruses & MalwareT.J. Schiel
 
Software security
Software securitySoftware security
Software securityjes_d
 
Module 16 (virus)
Module 16 (virus)Module 16 (virus)
Module 16 (virus)Wail Hassan
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threatsMartin Holovský
 

Semelhante a Viruses and Anti-Viruses (20)

virus
virusvirus
virus
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9
 
virus.ppt
virus.pptvirus.ppt
virus.ppt
 
Sality, a parasitic virus gets a upgrade – TotalDefense Blog
Sality, a parasitic virus gets a upgrade – TotalDefense BlogSality, a parasitic virus gets a upgrade – TotalDefense Blog
Sality, a parasitic virus gets a upgrade – TotalDefense Blog
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 5.pdf
 
Module 5.Malware
Module 5.MalwareModule 5.Malware
Module 5.Malware
 
Computer Viruses and Classification lecture slides ppt
Computer Viruses and Classification lecture slides pptComputer Viruses and Classification lecture slides ppt
Computer Viruses and Classification lecture slides ppt
 
Virus
VirusVirus
Virus
 
Computer virus 18
Computer virus 18Computer virus 18
Computer virus 18
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Viruses & Malware
Viruses & MalwareViruses & Malware
Viruses & Malware
 
Software security
Software securitySoftware security
Software security
 
Types of Virus & Anti-virus
Types of Virus & Anti-virusTypes of Virus & Anti-virus
Types of Virus & Anti-virus
 
Module 16 (virus)
Module 16 (virus)Module 16 (virus)
Module 16 (virus)
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threats
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Malware
MalwareMalware
Malware
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 

Último

LC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdfLC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdfpastor83
 
call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..nishakur201
 
Understanding Relationship Anarchy: A Guide to Liberating Love | CIO Women Ma...
Understanding Relationship Anarchy: A Guide to Liberating Love | CIO Women Ma...Understanding Relationship Anarchy: A Guide to Liberating Love | CIO Women Ma...
Understanding Relationship Anarchy: A Guide to Liberating Love | CIO Women Ma...CIOWomenMagazine
 
Pokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy TheoryPokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy Theorydrae5
 
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...anilsa9823
 
Breath, Brain & Beyond_A Holistic Approach to Peak Performance.pdf
Breath, Brain & Beyond_A Holistic Approach to Peak Performance.pdfBreath, Brain & Beyond_A Holistic Approach to Peak Performance.pdf
Breath, Brain & Beyond_A Holistic Approach to Peak Performance.pdfJess Walker
 
Lilac Illustrated Social Psychology Presentation.pptx
Lilac Illustrated Social Psychology Presentation.pptxLilac Illustrated Social Psychology Presentation.pptx
Lilac Illustrated Social Psychology Presentation.pptxABMWeaklings
 
Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666nishakur201
 
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girlsPooja Nehwal
 
Independent Escorts in Lucknow (Adult Only) 👩🏽‍❤️‍💋‍👩🏼 8923113531 ♛ Escort S...
Independent Escorts in Lucknow (Adult Only) 👩🏽‍❤️‍💋‍👩🏼 8923113531 ♛ Escort S...Independent Escorts in Lucknow (Adult Only) 👩🏽‍❤️‍💋‍👩🏼 8923113531 ♛ Escort S...
Independent Escorts in Lucknow (Adult Only) 👩🏽‍❤️‍💋‍👩🏼 8923113531 ♛ Escort S...gurkirankumar98700
 
文凭办理《原版美国USU学位证书》犹他州立大学毕业证制作成绩单修改
文凭办理《原版美国USU学位证书》犹他州立大学毕业证制作成绩单修改文凭办理《原版美国USU学位证书》犹他州立大学毕业证制作成绩单修改
文凭办理《原版美国USU学位证书》犹他州立大学毕业证制作成绩单修改atducpo
 
8377087607 Full Enjoy @24/7-CLEAN-Call Girls In Chhatarpur,
8377087607 Full Enjoy @24/7-CLEAN-Call Girls In Chhatarpur,8377087607 Full Enjoy @24/7-CLEAN-Call Girls In Chhatarpur,
8377087607 Full Enjoy @24/7-CLEAN-Call Girls In Chhatarpur,dollysharma2066
 
(KAVYA) Call Girls Humayun Nagar ✔️Just Call 7001035870✔️ HI-Fi Hyderabad Esc...
(KAVYA) Call Girls Humayun Nagar ✔️Just Call 7001035870✔️ HI-Fi Hyderabad Esc...(KAVYA) Call Girls Humayun Nagar ✔️Just Call 7001035870✔️ HI-Fi Hyderabad Esc...
(KAVYA) Call Girls Humayun Nagar ✔️Just Call 7001035870✔️ HI-Fi Hyderabad Esc...Sanjna Singh
 
The Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by MindbrushThe Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by MindbrushShivain97
 
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual serviceanilsa9823
 
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female serviceanilsa9823
 
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...PsychicRuben LoveSpells
 
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Introducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdfIntroducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdfnoumannajam04
 

Último (20)

LC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdfLC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdf
 
call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..
 
Understanding Relationship Anarchy: A Guide to Liberating Love | CIO Women Ma...
Understanding Relationship Anarchy: A Guide to Liberating Love | CIO Women Ma...Understanding Relationship Anarchy: A Guide to Liberating Love | CIO Women Ma...
Understanding Relationship Anarchy: A Guide to Liberating Love | CIO Women Ma...
 
Pokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy TheoryPokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy Theory
 
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
 
Breath, Brain & Beyond_A Holistic Approach to Peak Performance.pdf
Breath, Brain & Beyond_A Holistic Approach to Peak Performance.pdfBreath, Brain & Beyond_A Holistic Approach to Peak Performance.pdf
Breath, Brain & Beyond_A Holistic Approach to Peak Performance.pdf
 
Lilac Illustrated Social Psychology Presentation.pptx
Lilac Illustrated Social Psychology Presentation.pptxLilac Illustrated Social Psychology Presentation.pptx
Lilac Illustrated Social Psychology Presentation.pptx
 
Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666
 
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
 
Independent Escorts in Lucknow (Adult Only) 👩🏽‍❤️‍💋‍👩🏼 8923113531 ♛ Escort S...
Independent Escorts in Lucknow (Adult Only) 👩🏽‍❤️‍💋‍👩🏼 8923113531 ♛ Escort S...Independent Escorts in Lucknow (Adult Only) 👩🏽‍❤️‍💋‍👩🏼 8923113531 ♛ Escort S...
Independent Escorts in Lucknow (Adult Only) 👩🏽‍❤️‍💋‍👩🏼 8923113531 ♛ Escort S...
 
文凭办理《原版美国USU学位证书》犹他州立大学毕业证制作成绩单修改
文凭办理《原版美国USU学位证书》犹他州立大学毕业证制作成绩单修改文凭办理《原版美国USU学位证书》犹他州立大学毕业证制作成绩单修改
文凭办理《原版美国USU学位证书》犹他州立大学毕业证制作成绩单修改
 
escort service sasti (*~Call Girls in Paschim Vihar Metro❤️9953056974
escort service sasti (*~Call Girls in Paschim Vihar Metro❤️9953056974escort service sasti (*~Call Girls in Paschim Vihar Metro❤️9953056974
escort service sasti (*~Call Girls in Paschim Vihar Metro❤️9953056974
 
8377087607 Full Enjoy @24/7-CLEAN-Call Girls In Chhatarpur,
8377087607 Full Enjoy @24/7-CLEAN-Call Girls In Chhatarpur,8377087607 Full Enjoy @24/7-CLEAN-Call Girls In Chhatarpur,
8377087607 Full Enjoy @24/7-CLEAN-Call Girls In Chhatarpur,
 
(KAVYA) Call Girls Humayun Nagar ✔️Just Call 7001035870✔️ HI-Fi Hyderabad Esc...
(KAVYA) Call Girls Humayun Nagar ✔️Just Call 7001035870✔️ HI-Fi Hyderabad Esc...(KAVYA) Call Girls Humayun Nagar ✔️Just Call 7001035870✔️ HI-Fi Hyderabad Esc...
(KAVYA) Call Girls Humayun Nagar ✔️Just Call 7001035870✔️ HI-Fi Hyderabad Esc...
 
The Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by MindbrushThe Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by Mindbrush
 
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
 
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
 
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
 
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Introducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdfIntroducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdf
 

Viruses and Anti-Viruses

  • 1.  
  • 2.
  • 3.
  • 4.
  • 5. Worm Propagation Leverage Network Connectivity
  • 6.
  • 7.
  • 9.
  • 10.
  • 11. Virus Virus – Needs a host V
  • 12. Virus Propagation Leverage User Connectivity
  • 13.
  • 14.
  • 15. Virus (Malware) Identification Anti-Virus Signature Virus Form - A Antivirus scanners use extracted patterns, or “signatures” to identify known malware. Signature
  • 16.
  • 17. Static Signature Ex:- 8BEF 33C0 BF ?? ???? ?? 03 FDB9 ?? 0A 0000 8A85 ???? ???? 3007 47E2 FBEB
  • 18.
  • 19.
  • 20.
  • 21.
  • 22. Metamorphism Example mov [ebp - 3], eax push ecx mov ecx,ebp add ecx,33 push esi mov esi,ecx sub esi,34 mov [esi-2],eax pop esi pop ecx push ecx mov ecx, ebp push eax mov eax, 33 add ecx, eax pop eax push esi mov esi, ecx push edx mov edx, 34 sub esi, edx pop edx mov [esi - 2], eax pop esi pop ecx push ecx mov ecx, [ebp + 10] mov ecx, ebp push eax add eax, 2342 mov eax, 33 add ecx, eax pop eax mov eax, esi push eax mov esi, ecx push edx xor edx, 778f mov edx, 34 sub esi, edx pop edx mov [esi-2], eax pop esi pop ecx push ecx mov ecx,ebp add ecx,33 mov [ecx-36],eax pop ecx
  • 23. Attacking static signature- Metamorphism Anti-Virus Signature Virus Form - C M M Virus Virus Form - A Form - B Too many signatures challenge the AV Scanner Using different signatures for most variants cannot scale.
  • 24.
  • 25.
  • 26. “ Undo” Metamorphism mov [ebp - 3], eax push ecx mov ecx,ebp add ecx,33 push esi mov esi,ecx sub esi,34 mov [esi-2],eax pop esi pop ecx push ecx mov ecx, ebp push eax mov eax, 33 add ecx, eax pop eax push esi mov esi, ecx push edx mov edx, 34 sub esi, edx pop edx mov [esi - 2], eax pop esi pop ecx push ecx mov ecx, [ebp + 10] mov ecx, ebp push eax add eax, 2342 mov eax, 33 add ecx, eax pop eax mov eax, esi push eax mov esi, ecx push edx xor edx, 778f mov edx, 34 sub esi, edx pop edx mov [esi-2], eax pop esi pop ecx push ecx mov ecx,ebp add ecx,33 mov [ecx-36],eax pop ecx
  • 27.
  • 28.
  • 29. Virus Phylogeny [email_address] W32/Bagle.j@mm [email_address] W32/Klez.i@MM W32/NetSky.B [email_address] [email_address] [email_address] [email_address] W32/Bagle.a@mm [email_address] W32/Klez.f@MM W32/Bagle.ao@mm W32/Bagle.u@mm W32/Klez.e@MM W32.NetSky.D W32.NetSky.B W32.NetSky.A W32/Bugbear.17916intd W32/NetSky.A ??
  • 30. Virus Phylogeny [email_address] [email_address] [email_address] [email_address] [email_address] [email_address] W32/Bagle.a@mm W32/Bagle.j@mm [email_address] W32/Klez.i@MM W32/Klez.f@MM W32/Bagle.aq@mm W32/Bagle.u@mm W32/Klez.e@MM W32.NetSky.D W32.NetSky.B W32.NetSky.A W32/Bugbear.17916intd W32/NetSky.B W32/NetSky.A ?? ?? Symantec McAfee
  • 31. Deobfuscator of Calls NORMAL CALL L0: call L5 L1: … L2: … L3: … L4: … L5: <proc> L6: … Call Obfsucations to prevent static analysis OBFUSCATED CALL L0a: push L1 L0b: push L5 L0c: ret L1: … L2: … L3: … L4: … L5: <proc> L6: …
  • 32. DOC: Deobfuscator of Calls DOC
  • 33.
  • 34.
  • 35.
  • 40.
  • 41. Difference Between .COM and .EXE files
  • 42.
  • 44.
  • 45.
  • 46.  
  • 47. TIMID The Host of our Virus TIMID
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64.