informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/virus/virus4.txt

85 lines
4.2 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
³ THE VIRUS INFORMER ³ FACT: Each day of the year a
³ your weekly virus newsletter ³ new virus is introduced into
³ by Mark E. Bishop edited by ³ the computer industry.
³ Alan Bechtold ³
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
CHAPTER 4: 'The Engine that Kills! A Mutating Menance!'
Dark Avenger Mutation Engine No Threat to Protected PCs
Santa Clara, CA -- May 11,1992 -- McAfee Associates confirmed today that
users of its suite of VIRUSCAN anti-virus products have nothing to fear from
the new generation of mutating or polymorphic viruses.
McAfee Associates, the nation's leading anti-virus software company, has
been swamped with calls from concerned corporate PC users worried about the
threat of the so-called Dark Avenger Mutation Engine.
"Actually, we cracked this engine some months ago and have been shipping
product capable of detecting the Mutation Engine since March," said William
S. McKiernan, vice president, McAfee Associates.
The Dark Avenger Mutation Engine, which first appeared on European bulletin
boards a few months ago, is a new kind of virus threat. In the past, viruses
such as the Jerusalem or the recent Michelangelo strain had distinct, single
identities that made them relatively easy to detect and control.
"The Mutation Engine, however, can be used by virtually anyone to create a
mutating virus which is very difficult to detect," said McKiernan. "The fact
that it is widely available on bulletin boards makes it that much more
frightening."
The Mutation Engine uses encryption techniques to avoid detection. Before
a virus can become active it needs to decrypt itself. Ordinarily the code
used for this decryption remains constant, allowing the use of standard byte
matching techniques for detection.
The Mutation Engine, however, uses a special algorithm to generate a
completely variable decryption routine each time. "The result is that no
three bytes remain constant from one sample to the next," said Igor Grebert,
senior programmer at McAfee Associates. "This makes detection using
conventional string matching techniques impossible."
VIRUSCAN, however, has no such problem. According to McKiernan, the
downloadable shareware contains a new generation of virus detection algorithm
capable of statistical and numerical analysis.
It detects the Mutation Engine by "sensing" its presence rather than by
attempting to actually spot it in a byte-for-byte string comparison.
VIRUSCAN consistently detected all iterations of the Mutation Engine in tests
done at McAfee, McKiernan said.
Santa Clara-based McAfee Associates first received reports of the Mutation
Engine early this year. It is believed that the Engine is a product of the
Bulgarian virus creator responsible for the original conventional Dark
Avenger virus.
Though some viruses using the Mutation Engine have already appeared in the
U.S., the engine is not expected to present a widespread problem for some
time, McKiernan said. Typically the McAfee "early warning" network
identifies new viruses months before they are a threat to the U.S. market.
Nevertheless, the PC world has reacted emotionally to the presence of the
Mutation Engine. "It is clear that the game is forever changed," said
columnist Steve Gibson in a recent issue of the computer journal InfoWorld.
"The sophistication of the Mutation Engine is amazing and staggering."
The presence of the Mutation Engine on bulletin boards may be more of a
threat than the virus itself. "You no longer have to be particularly clever
or experienced to use it," said McKiernan. "Now if you have a modem you can
be in the virus business overnight and the potential for proliferation is a
sobering thought."
McKiernan said that conventional viruses are turning up at a rate of 10 to
20 per week. "We expect that the Mutation Engine will increase this problem
exponentially for those with unprotected systems," he said.
- end -
Downloaded From P-80 International Information Systems 304-744-2253
Reference in New Issue View Git Blame Copy Permalink