Abstract
Polymorphic viruses are viruses which unpack themselves at runtime and infect files with a new mutated virus body. Most of the current solutions present blacklist a set of packer. Research has shown many polymorphic viruses to go undetected. This work aims at the problem of detection of such viruses using emulation technique. The main target is to improve the detection rate and reduce false positives. Bochs is a powerful x86-64 emulator and the system has been implemented on Bochs and could successfully detect self-modifying code in test viruses.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: IEEE Symposium on Security and Privacy (May 2005)
Szor, P.: The Art of Computer Virus Research and Defense. Addison Wesley Professional, Reading (2005)
Quist, D., Valsmith.: Covert Debugging: Circumventing Software Armoring Techniques. Black Hat Briefings USA (August 2007)
Kang, M.G., Poosankam, P., Yin, H.: Renovo: A hidden code extractor for packed executables. In: Proceedings of the 5th ACM Workshop on Recurring Malcode, WORM (October 2007)
Martignoni, L., Christodorescu, M., Jha, S.: OmniUnpack: Fast, Generic, and Safe Unpacking of Malware. In: 23rd Annual Computer Security Applications Conference, ACSAC (2007)
Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware. In: 22nd Annual Computer Security Applications Conference, ACSAC (2006)
Konstantinou, E.: Metamorphic Virus: Analysis and Detection Technical Report. RHUL-MA-2008-02, Royal Holloway, University of London (2008)
Understanding and Managing Polymorphic Viruses. The Symantec Enterprise Papers (1996)
Szor, P., Ferrie, P.: Hunting for Metamorphic. In: Virus Bulletin Conference (2003)
Tropeano, G.: Self-Modifying Code. Code Breakers Journal (2006)
Ludwig, M.: The Giant Black Book of Viruses. American Eagle Publications, Inc. (1995)
Virus-Antivirus Co-evolution. Symantec Research Labs (2001)
IA-32 Intel Architecture Software Developer’s Manual. Intel Corporation (March 2006)
Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proceedings of the Usenix Security (2003)
Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: A Tool for Analyzing Malware. In: 15th Annual Conference of the European Institute for Computer Antivirus Research, EICAR (2006)
VX virus source codes, http://vx.netlux.org/src.php
Norman SandBox Information Center, http://www.norman.com
Online Virus Scanner Suite, http://virustotal.com
WinImage, http://www.winimage.com/winimage.htm
Bochs emulator, http://bochs.sourceforge.net
Simics, http://www.simics.net
QEMU, http://www.qemu.org
Yoda’s Crypter, http://yodap.sourceforge.net/
Armadillo, http://www.siliconrealms.com/
Obsidium, http://www.obsidium.de
PECompact2, http://www.bitsum.com/
Molebox Pro, http://www.molebox.com/
Themida, http://www.oreans.com/
TEMU: The BitBlaze Dynamic Analysis Component, http://bitblaze.cs.berkeley.edu/temu.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kasina, A., Suthar, A., Kumar, R. (2010). Detection of Polymorphic Viruses in Windows Executables. In: Ranka, S., et al. Contemporary Computing. IC3 2010. Communications in Computer and Information Science, vol 95. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14825-5_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-14825-5_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14824-8
Online ISBN: 978-3-642-14825-5
eBook Packages: Computer ScienceComputer Science (R0)