Non-Normalizable Functions: A New Method to Generate Metamorphic Malware
To identify metamorphic viruses that originate from the same base, anti-virus software has adopted code normalization, a technique that transforms the variants into a more uniform signature representation. Current code normalization techniques focus on simplifying arithmetic or logical operators. In this paper, the authors introduce a new technique for generating metamorphic viruses: embedding into the malicious executables complicated manipulation functions that cannot be normalized. Using encryption/decryption functions as an example, they present this evasion strategy, which malware writers could employ in the future.