Metamorphic Viruses

Pat Walpole

Introduction

• What are metamorphic viruses

• Why they are dangerous

• Defenses against them

Virus Camouflage Types

• None

• Encrypted

• Polymorphic

• Metamorphic

No Camouflage

Myles Jordan [1]

Encrypted

Myles Jordan [1]

Polymorphic

Myles Jordan [1]

Metamorphic

Myles Jordan [1]

Why Metamorphism is a Problem

• Provides excellent camouflage for the virus code

• Difficult for anti-virus programs to detect

• Difficult for an IDS to detect

General Virus Defenses

• Do not run or install software from an untrusted source

• Do not open email attachments unless you are 100% sure they are from a trusted source

• Use a good antivirus program and keep it updated

Anti Virus Program Techniques

• Run suspected files in an emulator

• Perform heuristic analysis on the behaviors of the program– False positives– May not find viruses that are event based

Conclusion

• Virus writers will always find ways to beat anti-virus protection

• Metamorphism is a very effective camouflage technique

• Keep your computer protected and practice safe computing

References

• [1] Jordan, Myles. Anti-Virus Research Dealing with Metamorphism. http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=48051