That chubby swede (sleepy) wrote,
That chubby swede
sleepy

  • Mood:
  • Music:
Come to think about a little utility I used during the DOS days, NETRUN... a little program that converted .com and .exe files to executable text-files. Truly ASCII files. The technique used to achieve this was a hand crafted UUE decoder that were added on top of the encoded data that represented the executable... what if that technique were applied to a polymorphic virus/worm?

As most of todays virus scanners does heuristic and scan string search through files, they would be rendered useless... as they'd consider a file with 100% readable characters as a text file or perhaps as a script... but they would not try to decode it unless it's obvious that it is UUEncoded. Even if they did, there could be an encrypted layer which scanners would not recognize as an executable.

... and it wouldn't be that hard to hand craft together a decoder that would run under Win32...
Subscribe

  • weird mail

    Some dude contacted me, to try to buy this blog because of the name .. nope. Not for sale, sorry.

  • Almost a year

    We have been living in Västerås for almost a year now, the way here was a bit bumpy in the beginning, as we had two months in between homes. See…

  • More about the move

    Yeah, I have blogged more about the move over at b19.se/blog/kakbit .. in English.

  • Post a new comment

    Error

    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 2 comments