POLYMORPHIC AND METAMORPHIC CODE by: Camden Church and Cody Eades

FACTS

This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.

Metamorphic code is used by some viruses when they are about to infect new files, and the result is that the next generation will never look like the current generation.

What happens to the computer?

Most anti-virus software and intrusion detection systems (IDS) attempt to locate malicious code by searching through computer files and data packets sent over a computer network.

Metamorphic viruses often translate their own binary code into a temporary representation, edit that temporary representation of themselves, and then translate the edited form back to machine code again.

What does it have to do with viruses?

They are a series of codes that were used to create the first virus.

What is it?

Metamorphic: Metamorphic code is code that, when run, outputs a logically equivalent version of its own code under some interpretation.

Metamorphic code can also mean that a virus is capable of infecting executables from two or more different operating systems (such as Windows and GNU/Linux) or even different computer architectures. Often, the virus does this by carrying several viruses within itself. The beginning of the virus is then coded so that it translates to correct machine-code for all of the platforms that it is supposed to execute in. This is used primarily in remote exploit injection code where the target platform is unknown.

Polymorphic: Polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm (a process or set of rules to be followed in calculations or other problem-solving operations) intact.


polymorphic code, where the polymorphic engine can not rewrite its own code.

Encryption is the most common method to hide code.

The encrypted code is the payload. To make different versions of the code, in each copy the garbage lines which manipulate C will change. The code inside "Encrypted" ("lots of encrypted code") can search the code between Decryption_Code and CryptoKey and each algorithm for new code that does the same thing. Usually the coder uses a zero key (for example, A xor 0 = A) for the first generation of the virus, making it easier for the coder because with this key the code is not encrypted. The coder then implements an incremental key algorithm or a random one.


A program can metamorph by translating its own code into a temporary representation, editing the temporary representation of itself, and then writing itself back to normal code again.

A metamorphic virus can change itself in many ways in order to avoid detection or infect multiple hosts.

It’s possible that metamorphic code can allow a virus to infect files on multiple operating systems or computer architectures. This is rare, however, and difficult to do.

A polymorphic virus encrypts its original code to avoid pattern recognition; the metamorphic virus changes its code to an equal form.
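The effect on pattern-matching scanners described above, as an added example that is not part of the original presentation: an exact byte signature only matches the zero-key copy (A xor 0 = A), while a scanner that tries every single-byte XOR key still finds the pattern and reports the key. The marker string, sample layout and function names are constructed for illustration, and single-byte XOR is a deliberate simplification of the encryption the slides mention.

```python
# Added example: constructed data only; SIGNATURE is a harmless marker string
# standing in for the byte pattern a scanner would search for.
SIGNATURE = b"CONSTRUCTED-TEST-MARKER"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (key 0 leaves the data unchanged)."""
    return bytes(b ^ key for b in data)


def plain_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Classic pattern search: look for the exact signature bytes."""
    return signature in blob


def xor_aware_scan(blob: bytes, signature: bytes = SIGNATURE):
    """Return the single-byte XOR key under which the signature appears, else None.

    XOR works byte by byte, so encoding the signature with each candidate key and
    searching for that is equivalent to decoding the whole blob 256 times.
    """
    for key in range(256):
        if xor_bytes(signature, key) in blob:
            return key
    return None


def make_sample(key: int) -> bytes:
    """Constructed sample: fixed header + XOR-encoded body + trailing padding."""
    body = b"...." + SIGNATURE + b"...."
    return b"HDR" + xor_bytes(body, key) + b"\x00" * 4


# Four "generations" of the same constructed body, each encoded with a different key.
SAMPLES = {key: make_sample(key) for key in (0x00, 0x21, 0x5A, 0xC3)}


def report():
    """Map each key to (plain signature matched?, key recovered by the XOR-aware scan)."""
    return {key: (plain_scan(blob), xor_aware_scan(blob)) for key, blob in SAMPLES.items()}


if __name__ == "__main__":
    for key, (plain, found) in report().items():
        print(f"key=0x{key:02x} plain_match={plain} recovered_key={found}")
```

YARA's `xor` string modifier applies the same idea to single-byte keys; it does not help against metamorphic code, where the bytes are rewritten rather than encoded.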

