V C L A S M G E N E R A T O R v.9 9b ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ What is the VCL ASM Mutator? As we know all the VCL viruses are detectable now. Without knowledge of asm, one cannot make the neccessary changes to a VCL virus. This will help change the sistuation but only until the next AV author shoves it in his next version of a scanner. Basically this program will mutate most of VCL code and produce a undectable asm. Follow the switches and go from there. I kept the patterns.cfg as a seperate file so that everyone could read it and look through it. I figured it would be a waste of a utility if people could not see what was going on and learn something! I have a couple of ideas left on improving the utility and would appreciate any feedback I can get on bugs or better ways to improve it. If you think it is lame, then give a whirl and try yourself. I will be more than happy to give you the source code. Stick your VCL.ASM in the same directory as the mutator. Run the utility and you will be left with VCL.UND . Recompile this code and you should have undectable vcl virus once again. Future plans for VCLMUTATE? () Correct any bugs in v.99b () Add a autoscan feature without a patterns file that will scan VCL viruses for new dectable mutated strings and mutate the virus again. Not only will this mutate VCL asm but ANY virus source code from being detected by Mcafee, F-prot, TBAV. I have some code written now but it is WAY to buggy to release. (Maybe next version) () Patch any VCL routines that do not work with code that does. () Any more ideas please let me know.... P.S. Unlike others who write thier CRAP in Pascal, this was written in C++! FireCracker, [NuKE] -=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- C H I B A C I T Y B L U E S - 8 0 4 7 9 0 1 3 2 9 2 N O D E S