About: Oligomorphic code

An Entity of Type: MalevolentProgram106573020, from Named Graph: http://dbpedia.org, within Data Space: dbpedia.org

An oligomorphic code is generally used by a computer virus to generate a decryptor for itself in a way comparable to a simple polymorphic code. It does this by randomly selecting each piece of the decryptor from several predefined alternatives.The pieces used to build the decryptor are usually too common to be detected with signatures. However, most oligomorphic viruses aren't able to generate more than just a few hundred different decryptors, so detecting them with simple signatures is still possible. Another method to detect an oligomorphic decryptor is to make a signature for each possible piece of code, group pieces that can substitute each other together and scan the file for a chain of decryptor pieces from alternating groups. Emulation may be used to detect the virus, but it can tak

Property	Value
dbo:abstract	En el contexto del malware, el oligomorfismo es una técnica usada para intentar evadir la detección. Consiste en un paso más avanzado que el cifrado de parte del código. Al malware que usa esta técnica se le llama malware oligomórfico. Cuando usamos cifrado en el malware tenemos una parte cifrada (contiene la carga maliciosa) y un descifrador/cargador que carga en memoria la parte cifrada, la descifra en memoria y la ejecuta. La clave para descifrar está explícita o implícitamente en el descifrador/cargador. El oligomorfismo va más allá, tiene una colección de posibles diferentes descifradores/cargadores que son elegidos al azar por cada nueva víctima. De esta forma el código del descifrador/cargador no es el mismo en todos los casos. Esto dificulta un poco la detección del descifrador/cargador ya que en lugar de comprobar solo un descifrador/cargador, se tiene que comprobar todas las posibles formas que puede tener el descifrador/cargador (como mucho varios centenares). El primer virus conocido oligomórfico era ”Whale”, un virus de DOS que fue presentado en 1990. (es) An oligomorphic code is generally used by a computer virus to generate a decryptor for itself in a way comparable to a simple polymorphic code. It does this by randomly selecting each piece of the decryptor from several predefined alternatives.The pieces used to build the decryptor are usually too common to be detected with signatures. However, most oligomorphic viruses aren't able to generate more than just a few hundred different decryptors, so detecting them with simple signatures is still possible. Another method to detect an oligomorphic decryptor is to make a signature for each possible piece of code, group pieces that can substitute each other together and scan the file for a chain of decryptor pieces from alternating groups. Emulation may be used to detect the virus, but it can take more resources than necessary. (en)
dbo:wikiPageID	2154742 (xsd:integer)
dbo:wikiPageLength	1314 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID	1057010405 (xsd:integer)
dbo:wikiPageWikiLink	dbr:Metamorphic_code dbr:Alphanumeric_shellcode dbr:Computer_virus dbc:Computer_viruses dbr:Software_cracking dbr:Self-modifying_code dbr:Shellcode dbr:Polymorphic_code dbr:Security_cracking dbr:Obfuscated_code dbr:Timeline_of_notable_computer_viruses_and_worms
dbp:auto	yes (en)
dbp:date	December 2009 (en)
dbp:wikiPageUsesTemplate	dbt:Short_description dbt:Unreferenced_stub dbt:Malware-stub
dcterms:subject	dbc:Computer_viruses
rdf:type	yago:WikicatComputerViruses yago:Abstraction100002137 yago:Code106355894 yago:CodingSystem106353757 yago:Communication100033020 yago:MalevolentProgram106573020 yago:Program106568978 yago:Writing106359877 yago:WrittenCommunication106349220 yago:Software106566077 yago:Virus106585816
rdfs:comment	En el contexto del malware, el oligomorfismo es una técnica usada para intentar evadir la detección. Consiste en un paso más avanzado que el cifrado de parte del código. Al malware que usa esta técnica se le llama malware oligomórfico. Cuando usamos cifrado en el malware tenemos una parte cifrada (contiene la carga maliciosa) y un descifrador/cargador que carga en memoria la parte cifrada, la descifra en memoria y la ejecuta. La clave para descifrar está explícita o implícitamente en el descifrador/cargador. (es) An oligomorphic code is generally used by a computer virus to generate a decryptor for itself in a way comparable to a simple polymorphic code. It does this by randomly selecting each piece of the decryptor from several predefined alternatives.The pieces used to build the decryptor are usually too common to be detected with signatures. However, most oligomorphic viruses aren't able to generate more than just a few hundred different decryptors, so detecting them with simple signatures is still possible. Another method to detect an oligomorphic decryptor is to make a signature for each possible piece of code, group pieces that can substitute each other together and scan the file for a chain of decryptor pieces from alternating groups. Emulation may be used to detect the virus, but it can tak (en)
rdfs:label	Oligomorfismo (malware) (es) Oligomorphic code (en)
owl:sameAs	freebase:Oligomorphic code yago-res:Oligomorphic code wikidata:Oligomorphic code dbpedia-es:Oligomorphic code dbpedia-fa:Oligomorphic code https://global.dbpedia.org/id/4sy72
prov:wasDerivedFrom	wikipedia-en:Oligomorphic_code?oldid=1057010405&ns=0
foaf:isPrimaryTopicOf	wikipedia-en:Oligomorphic_code
is dbo:wikiPageWikiLink of	dbr:Antivirus_software dbr:Polymorphic_code
is foaf:primaryTopic of	wikipedia-en:Oligomorphic_code