CHAPTER 4: The Engine that Kills! A Mutating Menace!

Dark Avenger Mutation Engine No Threat to Protected PCs

Published in the virus informer · 2 years ago

FACT: Each day of the year a new virus is introduced into the computer industry.

Santa Clara, CA -- May 11, 1992 -- McAfee Associates confirmed today that users of its suite of VIRUSCAN anti-virus products have nothing to fear from the new generation of mutating or polymorphic viruses.

McAfee Associates, the nation's leading anti-virus software company, has been swamped with calls from concerned corporate PC users worried about the threat of the so-called Dark Avenger Mutation Engine.

"Actually, we cracked this engine some months ago and have been shipping product capable of detecting the Mutation Engine since March," said William S. McKiernan, vice president, McAfee Associates.

The Dark Avenger Mutation Engine, which first appeared on European bulletin boards a few months ago, is a new kind of virus threat. In the past, viruses such as the Jerusalem or the recent Michelangelo strain had distinct, single identities that made them relatively easy to detect and control.

"The Mutation Engine, however, can be used by virtually anyone to create a mutating virus which is very difficult to detect," said McKiernan. "The fact that it is widely available on bulletin boards makes it that much more frightening."

The Mutation Engine uses encryption techniques to avoid detection. Before a virus can become active it needs to decrypt itself. Ordinarily the code used for this decryption remains constant, allowing the use of standard byte matching techniques for detection.

The Mutation Engine, however, uses a special algorithm to generate a completely variable decryption routine each time. "The result is that no three bytes remain constant from one sample to the next," said Igor Grebert, senior programmer at McAfee Associates. "This makes detection using conventional string matching techniques impossible."

VIRUSCAN, however, has no such problem. According to McKiernan, the downloadable shareware contains a new generation of virus detection algorithm capable of statistical and numerical analysis.

It detects the Mutation Engine by "sensing" its presence rather than by attempting to actually spot it in a byte-for-byte string comparison. VIRUSCAN consistently detected all iterations of the Mutation Engine in tests done at McAfee, McKiernan said.

Santa Clara-based McAfee Associates first received reports of the Mutation Engine early this year. It is believed that the Engine is a product of the Bulgarian virus creator responsible for the original conventional Dark Avenger virus.

Though some viruses using the Mutation Engine have already appeared in the U.S., the engine is not expected to present a widespread problem for some time, McKiernan said. Typically the McAfee "early warning" network identifies new viruses months before they are a threat to the U.S. market.

Nevertheless, the PC world has reacted emotionally to the presence of the Mutation Engine. "It is clear that the game is forever changed," said columnist Steve Gibson in a recent issue of the computer journal InfoWorld. "The sophistication of the Mutation Engine is amazing and staggering."

The presence of the Mutation Engine on bulletin boards may be more of a threat than the virus itself. "You no longer have to be particularly clever or experienced to use it," said McKiernan. "Now if you have a modem you can be in the virus business overnight and the potential for proliferation is a sobering thought."

McKiernan said that conventional viruses are turning up at a rate of 10 to 20 per week. "We expect that the Mutation Engine will increase this problem exponentially for those with unprotected systems," he said.

- end -
