About: Oligomorphic code     Goto   Sponge   NotDistinct   Permalink

An Entity of Type : yago:Virus106585816, within Data Space : dbpedia.org associated with source document(s)
QRcode icon
http://dbpedia.org/describe/?url=http%3A%2F%2Fdbpedia.org%2Fresource%2FOligomorphic_code&graph=http%3A%2F%2Fdbpedia.org&graph=http%3A%2F%2Fdbpedia.org

An oligomorphic code is generally used by a computer virus to generate a decryptor for itself in a way comparable to a simple polymorphic code. It does this by randomly selecting each piece of the decryptor from several predefined alternatives.The pieces used to build the decryptor are usually too common to be detected with signatures. However, most oligomorphic viruses aren't able to generate more than just a few hundred different decryptors, so detecting them with simple signatures is still possible. Another method to detect an oligomorphic decryptor is to make a signature for each possible piece of code, group pieces that can substitute each other together and scan the file for a chain of decryptor pieces from alternating groups. Emulation may be used to detect the virus, but it can tak

AttributesValues
rdf:type
rdfs:label
  • Oligomorfismo (malware) (es)
  • Oligomorphic code (en)
rdfs:comment
  • En el contexto del malware, el oligomorfismo es una técnica usada para intentar evadir la detección. Consiste en un paso más avanzado que el cifrado de parte del código. Al malware que usa esta técnica se le llama malware oligomórfico. Cuando usamos cifrado en el malware tenemos una parte cifrada (contiene la carga maliciosa) y un descifrador/cargador que carga en memoria la parte cifrada, la descifra en memoria y la ejecuta. La clave para descifrar está explícita o implícitamente en el descifrador/cargador.​ (es)
  • An oligomorphic code is generally used by a computer virus to generate a decryptor for itself in a way comparable to a simple polymorphic code. It does this by randomly selecting each piece of the decryptor from several predefined alternatives.The pieces used to build the decryptor are usually too common to be detected with signatures. However, most oligomorphic viruses aren't able to generate more than just a few hundred different decryptors, so detecting them with simple signatures is still possible. Another method to detect an oligomorphic decryptor is to make a signature for each possible piece of code, group pieces that can substitute each other together and scan the file for a chain of decryptor pieces from alternating groups. Emulation may be used to detect the virus, but it can tak (en)
dcterms:subject
Wikipage page ID
Wikipage revision ID
Link from a Wikipage to another Wikipage
sameAs
dbp:wikiPageUsesTemplate
auto
  • yes (en)
date
  • December 2009 (en)
has abstract
  • En el contexto del malware, el oligomorfismo es una técnica usada para intentar evadir la detección. Consiste en un paso más avanzado que el cifrado de parte del código. Al malware que usa esta técnica se le llama malware oligomórfico. Cuando usamos cifrado en el malware tenemos una parte cifrada (contiene la carga maliciosa) y un descifrador/cargador que carga en memoria la parte cifrada, la descifra en memoria y la ejecuta. La clave para descifrar está explícita o implícitamente en el descifrador/cargador.​ El oligomorfismo va más allá, tiene una colección de posibles diferentes descifradores/cargadores que son elegidos al azar por cada nueva víctima. De esta forma el código del descifrador/cargador no es el mismo en todos los casos. Esto dificulta un poco la detección del descifrador/cargador ya que en lugar de comprobar solo un descifrador/cargador, se tiene que comprobar todas las posibles formas que puede tener el descifrador/cargador (como mucho varios centenares​).​ El primer virus conocido oligomórfico era ”Whale”, un virus de DOS que fue presentado en 1990.​ (es)
  • An oligomorphic code is generally used by a computer virus to generate a decryptor for itself in a way comparable to a simple polymorphic code. It does this by randomly selecting each piece of the decryptor from several predefined alternatives.The pieces used to build the decryptor are usually too common to be detected with signatures. However, most oligomorphic viruses aren't able to generate more than just a few hundred different decryptors, so detecting them with simple signatures is still possible. Another method to detect an oligomorphic decryptor is to make a signature for each possible piece of code, group pieces that can substitute each other together and scan the file for a chain of decryptor pieces from alternating groups. Emulation may be used to detect the virus, but it can take more resources than necessary. (en)
prov:wasDerivedFrom
page length (characters) of wiki page
foaf:isPrimaryTopicOf
is Link from a Wikipage to another Wikipage of
is foaf:primaryTopic of
Faceted Search & Find service v1.17_git139 as of Feb 29 2024


Alternative Linked Data Documents: ODE     Content Formats:   [cxml] [csv]     RDF   [text] [turtle] [ld+json] [rdf+json] [rdf+xml]     ODATA   [atom+xml] [odata+json]     Microdata   [microdata+json] [html]    About   
This material is Open Knowledge   W3C Semantic Web Technology [RDF Data] Valid XHTML + RDFa
OpenLink Virtuoso version 08.03.3330 as of Mar 19 2024, on Linux (x86_64-generic-linux-glibc212), Single-Server Edition (61 GB total memory, 36 GB memory in use)
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2024 OpenLink Software