Multi-cavity NOP-infection OS-Independent x86 Virus
Written by Anthony de Almeida Lopes   

This presentation will be about a virus/worm framework which takes advantage of the abundance of NOP-areas produced by modern compilers in executables.

The virus is bound to the x86 CPU architecture (with the possibility of porting it to other CISC architectures); however, a key feature of this infection vector is that the virus is operating system independent. The majority of my work so far has been done on GNU/Linux but tests have been run on Windows XP, NetBSD and FreeBSD. Future targets include Solaris/x86 and Mac OS X/x86. It should be noted that this is not an ELF or PE/COFF virus: it is executable format independent.

This presentation will explain, in gory detail, how I implemented the generation zero NOP-infectors in C and how self-replication is done in the assembly version. I will describe the algorithms and data structures involved, and I will talk about the many challenges in implementing them and how those problems were solved.

I will talk about possible methods of detection, prevention and what sysadmins might do to protect themselves. I will also talk about future plans for the virus.

Download: http://www.secure-software-engineering.com/downloads/recon2006/recon2006_Lopes_Multi_Cavity_Infection.tgz