Creating Your Own Customized Metamorphic Algorithm
Category: Vulnerability Development
Summary: Most malware uses metamorphic code to evade antivirus detection. These techniques also slow down security researchers who are digging deeper into the malware code. On the malware side, there are many ways to generate and implement these algorithms, yet our ultimate goal is to detect them.
Let's turn the tables for a while and pretend that we are the malware author trying to make our own metamorphic code. In this presentation, we will discuss how to reverse engineer Virlock, a ransomware that uses metamorphic and polymorphic code and is also capable of infecting executable files.
Also in this presentation, based on the Virlock ransomware code, we are going to think as the malware author designing the metamorphic code. We will try to enhance the original design to make the code stronger. At the end, we will think as the security researchers that we are and work out how to mitigate our invention.