Talks

THOTCON 0x1

Virus Writing Techniques
The state of software security in early 1990 was abysmal; vendors relied on security through obscurity and were slow to patch or improve the security of their products. This changed with full disclosure, which forced software vendors to adopt effective security policies and practices. The antivirus industry of today looks much like the software industry of 1990. The effectiveness of existing solutions is stagnant or decreasing and vendors mislead their customers about the capabilities of their products. This talk explores the idea of bringing full disclosure to the antivirus industry in an attempt to jumpstart innovation and improve the effectiveness of antivirus. We will examine modern virus writing techniques and explore the implementation of a new metamorphic engine. We will show that the metamorphic engine is capable of evading modern antivirus and we will make a few recommendations on how detection rates could be improved.