Author: Orr # Views: 62664

The W32.Evol virus was discovered around July 2000. Its name is derived from a string found in the virus, but much more can be implied from the name. Until then, most viruses used polymorphic engines to hide themselves from anti-virus scanners. The engine would encrypt the virus with a different key on every generation and generate a small, variant decryptor that consisted of different operations but remained functionally equivalent. This technique was beginning to wear out, as AV scanners would trace the decryption until the virus was decrypted in memory, visible and clear.



This article explores the features and functionality of the metamorphic engine of the Evol virus, the first virus to utilize a 'true' metamorphic engine according to Symantec.






| Username | Comment Excerpt | Date |
| --- | --- | --- |
| nEINEI | good work~~ | Friday, November 27 2009 04:04.08 CST |
| adityaks | nice one man | Wednesday, June 20 2007 06:07.58 CDT |
| Orr | The mistake is in the paper and not in the engi... | Friday, April 6 2007 16:02.00 CDT |
| eraser | You are right MazeGen. [code] EB cb JMP cb ... | Wednesday, April 4 2007 13:33.07 CDT |
| MazeGen | Very interesting article, thanks. There's on... | Friday, March 30 2007 02:57.38 CDT |