Virus Writing Techniques presented at THOTCON 1

by Tim Sally (Information Trust Institute)

Tags: Security Malware


Summary: The state of software security in early 1990 was abysmal; vendors relied on security through obscurity and were slow to patch or improve the security of their products. This changed with full disclosure, which forced software vendors to adopt effective security policies and practices. The antivirus industry of today looks much like the software industry of 1990. The effectiveness of existing solutions is stagnant or decreasing and vendors mislead their customers about the capabilities of their products. This talk explores the idea of bringing full disclosure to the antivirus industry in an attempt to jumpstart innovation and improve the effectiveness of antivirus. We will examine modern virus writing techniques and explore the implementation of a new metamorphic engine. We will show that the metamorphic engine is capable of evading modern antivirus and we will make a few recommendations on how detection rates could be improved.

Tim Sally is a computer science undergraduate at the University of Illinois, Urbana-Champaign. He has worked at a Department of Energy funded research center and at a large defense contractor. His studies are fully funded by the National Science Foundation.