With hundreds of thousands of malware samples floating around the internet, AV companies have to struggle everyday in order to keep their detection signatures updated. These malware samples are not necessarily all functionally different to each other, but most of them try to appear different in an attempt to bypass AV products.
In reality, the concept of polymorphism is still much more popular than metamorphism. The reason for this is, that polymorphism as we know it today, through malware samples is far easier to achieve.
While metamorphism requires re-implementing parts of the code, while keeping the same functionality, polymorphism is generally applied by keeping the code intact but encrypting it each time with a different method or via the use of different encryption keys. Metamorphism also commonly uses the insertion of junk code that can be changed quickly, making it effective at defeating static detection, though the insertion of junk code. This could also be considered as ‘cheap metamorphism’ since no real re-implementation of the code was done, but the code does appear different. Continue reading
In a recent ‘The Cost of Cyber Crime’ report, the government estimated Cyber Crime costs the UK economy around £27bn a year. Businesses paid around £21bn, the Government £2.2bn and citizens £3.1bn (Gov.uk, 2011). Continue reading
44CON is an annual Information Security Conference and Training event taking place at the Millenium Conference Centre in London. The event is designed to provide something for both the business and technical Information Security Professionals. Continue reading