Metamorphic Viruses with Built-In Buffer Overflow

Author

Ronak Shah, San Jose State University

Publication Date

2010

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

Abstract

Metamorphic computer viruses change their structure—and thereby their signature—each time they infect a system. Metamorphic viruses are potentially one of the most dangerous types of computer viruses because they are difficult to detect using signature-based methods. Most anti-virus software today is based on signature detection techniques. In this project, we create and analyze a metamorphic virus toolkit which creates viruses with a built-in buffer overflow. The buffer overflow serves to obfuscate the entry point of the actual virus, thereby making detection more challenging. We show that the resulting viruses successfully evade detection by commercial virus scanners. Several modern operating systems (e.g., Windows Vista and Windows 7) employ address space layout randomization (ASLR), which is designed to prevent most buffer overflow attacks. We show that our proposed buffer overflow technique succeeds, even in the presence of ASLR. Finally, we consider possible defenses against our proposed technique.

Recommended Citation

Shah, Ronak, "Metamorphic Viruses with Built-In Buffer Overflow" (2010). Master's Projects. 28.
DOI: https://doi.org/10.31979/etd.dtrm-p5ed
https://scholarworks.sjsu.edu/etd_projects/28