
The re-birth of the metamorphic virus

By Ron Condon, UK bureau chief
14 Apr 2008 | SearchSecurity.co.uk


If we all keep our anti-virus software up to date, we'll be fine, won't we? Well yes, probably – for the time being at least.

Most of us trust our anti-virus software to defend us because the AV companies appear to have won the battle with the virus writers. They understand the tricks that virus writers use, and they have the techniques to defend against them.

But in the latest in our series of articles from recent MSc graduates of Royal Holloway College, Evgenios Konstantinou warns that our comfort might be short-lived. He traces the development of the virus from its early days right through to the far more sophisticated polymorphic and metamorphic examples, which he says could prove impossible to block.

Konstantinou, who works in the information security department of the Marfin Popular Bank in Cyprus, says he has been fascinated with malicious code since his undergraduate days, and that this is what inspired him to do the Masters course at Royal Holloway.

"Malicious code is interesting because it is not just boring software," he says. "It is a very intelligent piece of code, written by very intelligent people, and it gives the impression that it has 'a life of its own'. Metamorphic viruses are the most ingenious and advanced viruses ever written, so their study is very interesting. In addition to this, malicious software is one of the greatest threats to information technology."

The metamorphic viruses that he details in the article are so complex and difficult to write, he says, that they are beyond the ability of most virus writers. And with so much easy money to be had from other types of cybercrime, such as phishing and DDOS attacks, metamorphic viruses appeared for a while to be less of a threat.

But now there are signs that hackers are once more trying their hand at building these viruses that, according to Konstantinou, would be very hard to defend against.

Anyone in security whose knowledge of virus-writing is less than complete should read this article, especially those who, in Konstantinou's words, "do not want to be tricked by vendors who claim that their anti-virus software 'can detect everything'".

CLICK HERE to read the full article.


