Zmist

Zmist (also known as Z0mbie.Mistfall) is a metamorphic computer virus[1][2] created by the Russian virus writer known as Z0mbie. It was the first virus to use a technique known as "code integration". In the words of Ferrie and Ször:[3]

This virus supports a unique new technique: code integration. The Mistfall engine contained in it is capable of decompiling Portable Executable files to [their] smallest elements, requiring 32 MB of memory. Zmist will insert itself into the code: it moves code blocks out of the way, inserts itself, regenerates code and data references, including relocation information, and rebuilds the executable.

Win32.Zmist
AliasesZ0mbie.Mistfall
TypeComputer virus
Isolation2002
Point of originRussia
Author(s)Z0mbie
Operating system(s) affectedWindows
Filesize9 kbytes

Variants

  • Zmist.gen!674CD7362358 - discovered in 2012.
  • ZMist!IK - discovered 2011 - 2012.
  • Zmist.A - discovered in 2006 - 2007.

See also

References

  1. Aspevik, Egil; Detection of Junk Instructions in Computer Viruses, Masters Thesis, May 2008, University of Oslo (UiO).
  2. "ZMist: next generation viruses coming up". Wilders Security. Retrieved 18 February 2013.
  3. Ferrie, Peter; and Ször, Péter; Zmist opportunities, Virus Bulletin, March 2001, Abingdon, Oxfordshire (UK), pp. 6–7


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.