Oligomorphic code

Oligomorphic code, also known as semi-polymorphic code, is a method used by a computer virus to obfuscate its decryptor by generating different versions of it, in order to evade detection by antivirus software. It is similar to, but less sophisticated than, polymorphic code.[1]

Oligomorphic code works by randomly selecting each piece of the decryptor from a small set of predefined alternatives. Each time the virus replicates, it combines these pieces to produce a new, distinct version of the decryptor, so two copies of the same virus need not share an identical byte sequence in their decryption loops.[2]

Having multiple possible decryptors makes the virus harder to detect with simple anti-malware signatures, since a signature taken from one copy's decryptor may not appear in the next. However, most oligomorphic viruses can generate only a limited number of decryptors,[2] around a few hundred,[citation needed] so a scanner can still carry a signature for each one. Another method is to write a signature for each possible piece of the decryptor, group together the pieces that can substitute for one another, and scan the file for a chain of pieces drawn from consecutive groups in the expected order; this catches every variant the generator can produce without enumerating them. Emulation may also be used to detect the virus by executing the decryptor, but it consumes more resources than such a small number of variants warrants.[citation needed]
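The following is an added example (not code from any real virus, and not from the cited references) that models the two preceding paragraphs: a generator that assembles a decryptor from interchangeable pieces, and the two signature strategies run against its output. The instruction text is a simplified x86-style mnemonic model, the slot names and their alternatives are constructed for illustration, the placeholders KEY, BODY and LEN stand for the key, body address and length, and a "file" is simply a list of instruction strings.

```python
"""
Toy oligomorphic decryptor generator and two detection strategies:
a single fixed signature (misses most variants) and a chain-of-pieces
scan (catches every variant the generator can emit).

Constructed example: mnemonic-level model, not real machine code.
"""
import random

# Each slot has several interchangeable alternatives.  An alternative is a
# tuple of instructions, because some replacements are longer than the
# original.  KEY, BODY and LEN are fixed placeholders shared by all variants.
SLOTS = [
    ("load_key",   [("mov al, KEY",), ("xor al, al", "add al, KEY")]),
    ("load_ptr",   [("mov si, BODY",), ("lea si, [BODY]",), ("xor si, si", "add si, BODY")]),
    ("load_count", [("mov cx, LEN",), ("xor cx, cx", "add cx, LEN")]),
    ("decrypt",    [("xor [si], al",), ("mov bl, [si]", "xor bl, al", "mov [si], bl")]),
    ("advance",    [("inc si",), ("add si, 1",), ("lea si, [si+1]",)]),
    ("loop",       [("loop decrypt",), ("dec cx", "jnz decrypt")]),
]


def variant_count():
    """Distinct decryptors the generator can emit: product of the slot sizes."""
    n = 1
    for _, alts in SLOTS:
        n *= len(alts)
    return n


def generate_decryptor(rng):
    """Pick one alternative per slot and flatten into an instruction list."""
    out = []
    for _, alts in SLOTS:
        out.extend(rng.choice(alts))
    return out


# Detection 1: one fixed signature, taken from the most 'natural' variant.
FIXED_SIGNATURE = [
    "mov al, KEY", "mov si, BODY", "mov cx, LEN",
    "xor [si], al", "inc si", "loop decrypt",
]


def contains_sequence(haystack, needle):
    n = len(needle)
    return any(haystack[i:i + n] == needle for i in range(len(haystack) - n + 1))


def fixed_signature_hit_rate(samples=2000, seed=1):
    """Fraction of generated variants the single fixed signature matches."""
    rng = random.Random(seed)
    hits = sum(contains_sequence(generate_decryptor(rng), FIXED_SIGNATURE)
               for _ in range(samples))
    return hits / samples


# Detection 2: a signature per piece, pieces grouped by slot, and a scan for
# a run of consecutive pieces taken from the groups in slot order.
def _match_chain_at(instrs, pos, slot_idx):
    if slot_idx == len(SLOTS):
        return True
    for alt in SLOTS[slot_idx][1]:
        end = pos + len(alt)
        if tuple(instrs[pos:end]) == alt and _match_chain_at(instrs, end, slot_idx + 1):
            return True
    return False


def chain_scan(instrs):
    """True if a complete decryptor chain appears anywhere in the file."""
    return any(_match_chain_at(instrs, i, 0) for i in range(len(instrs)))


def chain_scan_hit_rate(samples=2000, seed=1):
    """Fraction of generated variants the chain scan detects when the
    decryptor is embedded at a varying offset among unrelated instructions."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(samples):
        prefix = ["push bp", "mov bp, sp"][: rng.randint(0, 2)]
        hits += chain_scan(prefix + generate_decryptor(rng) + ["ret"])
    return hits / samples


# A constructed benign file that reuses individual pieces out of order:
# the chain scan must not flag it.
BENIGN_FILE = ["mov al, KEY", "inc si", "mov cx, LEN", "ret"]

if __name__ == "__main__":
    print("variants:", variant_count())
    print("fixed signature hit rate:", fixed_signature_hit_rate())
    print("chain scan hit rate:", chain_scan_hit_rate())
    print("benign flagged:", chain_scan(BENIGN_FILE))
```

With six slots of two or three alternatives the generator has 144 distinct decryptors, so a single fixed signature matches roughly 1 in 144 samples, while the chain scan, which carries one short signature per piece rather than one per variant, detects all of them and still ignores a file that merely contains some of the same pieces out of order. Real scanners face a further complication that this model omits: the pieces may be separated by junk instructions, so the chain matcher would need to skip over a bounded amount of filler between groups.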

History

The first known virus using oligomorphic code was the Whale DOS virus, identified in 1990, which chose from a few dozen distinct decryptors. The first Windows 95 virus using oligomorphic code was the Memorial virus, which could generate 96 distinct decryptor patterns. Another example is the Russian virus family WordSwap.[1]

References

  1. ^ a b Szor, Peter (2005). The Art of Computer Virus Research and Defense. Addison-Wesley. ISBN 9780321304544. Retrieved 27 March 2023.
  2. ^ a b Blunden, Bill (4 May 2009). The Rootkit Arsenal: Escape and Evasion. Jones & Bartlett Learning, LLC. p. 570. ISBN 9780763782849. Retrieved 27 March 2023.
