That chubby swede (sleepy) wrote,
That chubby swede
sleepy

  • Mood:
  • Music:
Come to think about a little utility I used during the DOS days, NETRUN... a little program that converted .com and .exe files to executable text-files. Truly ASCII files. The technique used to achieve this was a hand crafted UUE decoder that were added on top of the encoded data that represented the executable... what if that technique were applied to a polymorphic virus/worm?

As most of todays virus scanners does heuristic and scan string search through files, they would be rendered useless... as they'd consider a file with 100% readable characters as a text file or perhaps as a script... but they would not try to decode it unless it's obvious that it is UUEncoded. Even if they did, there could be an encrypted layer which scanners would not recognize as an executable.

... and it wouldn't be that hard to hand craft together a decoder that would run under Win32...
Subscribe
  • Post a new comment

    Error

    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 2 comments