In computer virus terms, metamorphic code is code that can reprogram itself. Often, it does this by translating its own code into a temporary representation, editing that temporary representation, and then writing itself back to normal code again (http://vx.netlux.org/lib/vmd01.html). This procedure is applied to the virus itself, and thus the metamorphic engine itself also undergoes changes. This is used by some viruses when they are about to infect new files, and the result is that the "children" will never look like their "parents". The computer viruses that use this technique do so in order to avoid the pattern recognition of anti-virus software: the actual algorithm does not change, but everything else might.
The main difference between metamorphic and polymorphic viruses is that a polymorphic virus encrypts its original code to avoid pattern recognition, whereas a metamorphic virus changes its code to an equivalent one (i.e. the codes do essentially the same thing). This modification can be achieved using techniques like inserting NOP instructions, swapping registers, changing flow control with jumps or reordering independent instructions. Metamorphic code is usually more effective than polymorphic code. This is because the anti-virus, in order to detect it, will need to use some kind of emulation to analyze the code behavior.
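A scanner can also undo several of the transformations listed above statically before it matches anything. The following added example (not from the original article) normalizes a toy x86-like text listing by dropping NOPs, following unconditional jumps and renaming registers by first use; `normalize`, `fingerprint` and the sample listings are hypothetical, and reordered independent instructions are not handled.

```python
import hashlib
import re

REG = re.compile(r"\b(e[abcd]x|e[sd]i)\b")    # toy 32-bit register set

def normalize(listing: str) -> list[str]:
    """Canonical straight-line form of a toy x86-like text listing."""
    instrs, labels = [], {}
    for raw in listing.lower().splitlines():
        line = raw.split(";")[0].strip()       # drop comments and blanks
        if not line:
            continue
        if line.endswith(":"):
            labels[line[:-1]] = len(instrs)    # label -> next instruction
        else:
            instrs.append(" ".join(line.replace(",", " , ").split()))
    out, pc, seen = [], 0, set()
    while pc < len(instrs) and pc not in seen:  # walk in execution order
        seen.add(pc)
        op = instrs[pc]
        if op.startswith("jmp "):              # undo block shuffling
            pc = labels.get(op.split()[1], len(instrs))
            continue
        pc += 1
        if op != "nop":                        # padding has no behaviour
            out.append(op)
        if op == "ret":
            break
    names: dict[str, str] = {}
    def rename(m: re.Match) -> str:            # number registers by first use
        return names.setdefault(m.group(1), f"r{len(names)}")
    return [REG.sub(rename, op) for op in out]

def fingerprint(listing: str) -> str:
    return hashlib.sha256("\n".join(normalize(listing)).encode()).hexdigest()

# Constructed samples: B is A with registers swapped, NOPs added, blocks shuffled.
VARIANT_A = "mov eax, 1\nadd eax, ebx\nmov ecx, eax\nret"
VARIANT_B = """
    jmp part1
part2:
    nop
    mov edi, edx
    ret
part1:
    mov edx, 1
    add edx, esi
    jmp part2
"""
UNRELATED = "mov eax, 1\nsub eax, ebx\nmov ecx, eax\nret"
```

Both variants reduce to the same normalized listing and therefore the same fingerprint, while the listing with a different operation does not.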
Metamorphic code can also mean that a virus is capable of infecting executables from two or more different operating systems (such as Windows and GNU/Linux) or even different computer architectures. Often, the virus does this by carrying several viruses with itself. The beginning of the virus is then coded so that it translates to correct machine code for all of the platforms that it is supposed to execute in (http://www.phrack.org/issues.html?issue=57&id=17). It is possible, in theory, for a metamorphic virus to rewrite the temporary representation of itself into another set of instructions, intended for another computer architecture. The API would also have to be changed.
See also
- Self-modifying code
- Strange loop
- Polymorphic code
- Timeline of notable computer viruses and worms
External links
http://www.symantec.com/avcenter/reference/hunting.for.metamorphic.pdf Hunting for Metamorphic