Evolving shell code presented at Virus Bulletin 2006

by Masaki Suenega (Symantec Security Response)

Tags: Security

URL : http://www.virusbtn.com/conference/vb2006/abstracts/Suenega.xml

Summary : "This paper deals with the shell code seen in data files, such as image files that exploit
certain vulnerabilities. At first the shell code used in these files was not difficult
to analyse, with most cases having easily resolved API calls. However, gradually the
code has become more difficult to analyse, with API calls obfuscated and instructions
encrypted. Some shell code, which we've seen in Microsoft Word documents, destroy their host data
files after execution. Other shell codes are represented only by ASCII characters,
which look just like benign text. These techniques and others will be discussed in this
paper."