Question
As part of a course I study polymorphic/metamorphic malware. Every single paper and article I've stumbled upon mentions the techniques used by malware to achieve polymorphism/metamorphism, but none mentions the language(s) in which most polymorphic/metamorphic malware is written, or gives code examples of that particular technique.
My understanding is that malware can be written in almost any language, from Visual Basic, C and C++ to Java and Python. My question is: in order to achieve polymorphic/metamorphic behavior, do you need a low-level or a high-level language? Do we know which language most polymorphic/metamorphic malware uses?
Explanation / Answer
Polymorphic/metamorphic malware is usually at least partially written in a low-level language.
The purpose of polymorphic malware is to evade virus scanners. It does so by making it hard to identify a signature for the file. The simplest version, of course, is a loader which decrypts a section of code when it is time to run. However, this has a limitation: the loader is now an easy signature to spot!
The solution is to write the loader in a polymorphic manner itself. This is a sort of chicken-and-egg problem. However, we know the application EVENTUALLY gets compiled down to machine code, so polymorphic code developers will write machine code which can be mixed and mutated and still work.
This low level work is very hard to do in any language above assembly, because the higher level you go, the more of a signature you'll leave behind (high level languages were never written to avoid leaving signatures).
However, that doesn't mean the entire malware has to be low level. Once you can make a polymorphic malware that knows how to decrypt and encrypt code, it becomes possible to write the rest of the virus in a high-level language, and just attach it to the low-level polymorphic loader/encrypter/decrypter.
(And, of course, this battle will continue if the virus scanner looks at memory after decrypting, but I think just handling this "scan the file for signatures" Virus Scanner approach should get you going!)
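An added illustration of the answer's central point, from the scanner author's side: when only the payload is re-encrypted and the loader stays the same, the loader bytes are exactly what a signature-extraction pass recovers, and once the loader bytes vary too, nothing stable is left for a static file scan. This is constructed example code, not from the question or the answer; the stub and payload bytes are placeholders, not real machine code.

```python
"""Why a fixed decryptor stub is a signature: constructed demo, not real malware."""
import random
from typing import List, Optional

# Constructed sample layout: [loader stub][1-byte key][payload XOR key].
# STUB and PAYLOAD are placeholder byte strings, not real machine code.
STUB = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
PAYLOAD = random.Random(1234).randbytes(64)  # fixed seed: same "body" in every sample
KEYS = (0x11, 0x37, 0x5C, 0xA9, 0xE3)         # a fresh key per sample

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def make_sample(key: int, stub: bytes = STUB) -> bytes:
    """One constructed 'infected file': stub, key byte, encrypted payload."""
    return stub + bytes([key]) + xor_bytes(PAYLOAD, key)

def longest_common_substring(samples: List[bytes]) -> bytes:
    """Longest byte string shared by every sample; brute force, fine for toy sizes."""
    base = min(samples, key=len)
    for length in range(len(base), 0, -1):
        for start in range(len(base) - length + 1):
            cand = base[start:start + length]
            if all(cand in s for s in samples):
                return cand
    return b""

def extract_signature(samples: List[bytes], min_len: int = 8) -> Optional[bytes]:
    """What a scanner author does with a pile of samples: find the stable bytes.
    Returns None when the shared run is too short to be a trustworthy signature."""
    sig = longest_common_substring(samples)
    return sig if len(sig) >= min_len else None

def scan(signature: bytes, blob: bytes) -> bool:
    """The 'scan the file for signatures' check from the answer: plain byte match."""
    return signature in blob

# Scenario 1: payload re-encrypted with a fresh key per sample, loader unchanged.
fixed_loader_samples = [make_sample(k) for k in KEYS]
FIXED_SIG = extract_signature(fixed_loader_samples)  # equals STUB: the loader gives it away

# Scenario 2: the loader bytes also differ per sample (constructed random variants
# standing in for a polymorphic loader); no stable run survives the extraction.
variant_stubs = [random.Random(seed).randbytes(16) for seed in (1, 2, 3, 4, 5)]
variant_loader_samples = [make_sample(k, st) for k, st in zip(KEYS, variant_stubs)]
VARIANT_SIG = extract_signature(variant_loader_samples)  # None

if __name__ == "__main__":
    print("fixed loader signature:", FIXED_SIG.hex() if FIXED_SIG else None)
    print("variant loader signature:", VARIANT_SIG)
```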