Evolving shell code

Masaki Suenega Symantec Security Response

This paper deals with the shell code seen in data files, such as image files that exploit certain vulnerabilities. At first the shell code used in these files was not difficult to analyse, with most cases having easily resolved API calls. However, gradually the code has become more difficult to analyse, with API calls obfuscated and instructions encrypted.

Some shell code, which we've seen in Microsoft Word documents, destroy their host data files after execution. Other shell codes are represented only by ASCII characters, which look just like benign text. These techniques and others will be discussed in this paper.

VB Conferences

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘VB is the best technical conference I have ever attended.’

Poll

Who in your company is responsible for installing software patches?

Leave a comment

Jobs

In Virus Bulletin's jobs pages among others:

Malware Analyst (Fillgradergasse 7, 1060 Vienna, Austria)
Software Engineer (m/f) for quality assurance and test automation (Tettnang, Germany)

Virus Bulletin currently has 148,292 registered users.

Fighting malware and spam