Polymorphism in Computer Viruses CS265 Security Engineering Term Project Puneet Mishra.

1 Polymorphism in Computer Viruses CS265 Security Engineering Term Project Puneet Mishra

2 Definitions
– A computer virus is a program with malicious intent to cause abnormal disruption of the operation of a computer
– Polymorphism: The occurrence of different forms, stages, or types in individual organisms or in organisms of the same species, independent of sexual variations

3 Polymorphism: Scenario
– Biological
  – Counter environmental threats
– Computer Science
  – Absent Good Software Engineering Practice
  – Design Flaws Propagated

4 Polymorphic Virus
– Avoid Detection by pattern matching scanners
– Incorporate Randomness and Complexity via Code Obfuscation
– Produces multiple functionally equivalent copies of itself

5 History
– First known example: Chameleon, 1991
– First widespread effect: Tequila, 1991
– Code transformation
– Polymorphic Generators
– Bulletin Boards
– Examples
  – MtE by Dark Avenger

6 Polymorphism Techniques and Virus Detection
– Hide and Seek Game
– Polymorphic Generators
  – OBJ files linked to virus

7 Classification of Polymorphic Virus
– Classification by Dr. Solomon
– Level 1: Set of Encryp/Decryp
– Level 2: One or several constant instructions
– Level 3: Unused functions / Instructions, e.g. NOP etc.

8 Classification of Polymorphic Virus
– Level 4: Interchangeable instructions; Instructions mixing
– Level 5: 1 through 4 and changeable decryption algorithm, repeated encryption of virus code and partial encryption of the decryptor code
– Level 6: Main code changeable

9 Anti-Virus Software
– Emulation
– Sand-Boxing via Virtual Computer Environment

10 Conclusion
– Strong Threat
– Next level: Metamorphic Viruses

11 Thank You!

