Post on 21-Dec-2015
Metamorphic Viruses
Pat Walpole
Introduction
• What are metamorphic viruses
• Why they are dangerous
• Defenses against them
Virus Camouflage Types
• None
• Encrypted
• Polymorphic
• Metamorphic
No Camouflage
Myles Jordan [1]
Encrypted
Myles Jordan [1]
Polymorphic
Myles Jordan [1]
Metamorphic
Myles Jordan [1]
Why Metamorphism is a Problem
• Provides excellent camouflage for the virus code
• Difficult for anti-virus programs to detect
• Difficult for an IDS to detect
General Virus Defenses
• Do not run or install software from an untrusted source
• Do not open email attachments unless you are 100% sure they are from a trusted source
• Use a good antivirus program and keep it updated
Anti Virus Program Techniques
• Run suspected files in an emulator
• Perform heuristic analysis on the behaviors of the program
  – False positives
  – May not find viruses that are event based
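The two limits of behavior heuristics named above, shown as an added example that is not part of the original slides: a scorer run over emulator traces flags a benign updater (false positive) and misses a date-triggered sample unless the emulated clock hits the trigger. The event names, weights, threshold, dates and sample programs are all constructed assumptions.

```python
# Added illustration: behaviour-based heuristic scoring over emulator traces.
# Event names, weights, threshold and sample programs are all constructed.
WEIGHTS = {
    "read_own_image": 1,
    "enumerate_executables": 2,
    "open_executable_for_write": 3,
    "write_code_to_executable": 4,
    "modify_entry_point": 4,
}
THRESHOLD = 8  # assumed cut-off; lowering it trades misses for false positives


def emulate(program, emulated_date):
    """Stand-in for an emulator run: collect the events the program emits.

    A step with an "only_on" date fires only when the emulated clock matches,
    which models an event-based (date-triggered) payload.
    """
    return [step["event"] for step in program
            if step.get("only_on") in (None, emulated_date)]


def score(trace):
    """Sum the weights of the distinct suspicious behaviours in a trace."""
    return sum(WEIGHTS.get(event, 0) for event in set(trace))


def verdict(program, emulated_date="12-21"):
    trace = emulate(program, emulated_date)
    return "suspicious" if score(trace) >= THRESHOLD else "clean"


REPLICATION = ["read_own_image", "enumerate_executables",
               "open_executable_for_write", "write_code_to_executable",
               "modify_entry_point"]

# Constructed samples: a file infector, a benign updater, a date-triggered infector.
INFECTOR = [{"event": e} for e in REPLICATION]
UPDATER = [{"event": e} for e in REPLICATION[1:4]]
DATE_TRIGGERED = [{"event": "show_window"}] + \
                 [{"event": e, "only_on": "03-06"} for e in REPLICATION]

if __name__ == "__main__":
    for name, prog in [("infector", INFECTOR), ("updater", UPDATER),
                       ("date-triggered", DATE_TRIGGERED)]:
        print(f"{name:15} {verdict(prog)}")
    print("date-triggered, clock on trigger date:", verdict(DATE_TRIGGERED, "03-06"))
```

Scoring on behaviors rather than bytes is what makes the check independent of how the code is camouflaged, but the verdict is only as good as the paths the emulation run actually exercised.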
Conclusion
• Virus writers will always find ways to beat anti-virus protection
• Metamorphism is a very effective camouflage technique
• Keep your computer protected and practice safe computing
References
• [1] Jordan, Myles. Anti-Virus Research Dealing with Metamorphism. http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=48051