Important! Would someone with good English please notify Kaspersky immediately about a new virus attack technique




pingu
2006-08-13, 11:28 PM
I wonder whether that one called Jiangmin can deal with it. Some people say their engine comes from Kaspersky?


hn1271n
2006-08-14, 07:50 AM
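There is one more way to counter the shell-deformation technique: once the deformation rules of the shell-deformation program have been cracked, record every static signature that could appear after deformation and then scan for them.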

esjustin
2006-08-14, 08:12 AM
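I wonder whether that one called Jiangmin can deal with it. Some people say their engine comes from Kaspersky?

There was a news report a while ago saying that Jiangmin stole Kaspersky's virus database to use as its own... :|||:

But later both sides denied it... :D

P.S.: Jiangmin's engine was developed by Wang Jiangmin and others..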

esjustin
2006-08-14, 08:14 AM
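There is one more way to counter the shell-deformation technique: once the deformation rules of the shell-deformation program have been cracked, record every static signature that could appear after deformation and then scan for them.

A deformable shell cannot be tracked... see this article (http://www.77169.com/Article/HTML/52231.html): even if a particular zone can be targeted, one only has to find the zone again to evade detection... :|||: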

esjustin
2006-08-14, 08:44 AM
The English explanation that I spent 30 minutes slowly writing has been sent to Kaspersky! Now we just have to wait for their reply!

The original text is below (written in my broken English :|||: ):

New technology! Even Kaspersky cannot find it!

There are some China websites that teach the China crackers (hackers) how to make a "deformable shell"!

Please look at the No.1 link; they supply a tool to make a "deformable shell".

http://www.315safe.com/download/download.asp?downid=6671

In the No.2 link, they use the tool from the No.1 link to teach how to make a "deformable shell", and when they let Kaspersky scan the file WITHOUT the "deformable shell", Kaspersky can find the virus, but when they let Kaspersky scan the file WITH the "deformable shell", Kaspersky cannot find it!

http://bbs.pediy.com/showthread.php?threadid=22270&goto=nextnewest

In the No.3 link, a China cracker (hacker) teaches how to make a "deformable shell", too. But when the China cracker (hacker) makes a new virus WITH the "deformable shell", after a few days Kaspersky can find it! Then the China cracker (hacker) changes the file zone, Kaspersky can find it again!

http://www.77169.com/Article/HTML/52231.html

The China crackers (hackers) are so awful! I hope Kaspersky can get better and better!

By FroleDisk

hn1271n
2006-08-14, 10:25 AM
The English explanation that I spent 30 minutes slowly writing has been sent to Kaspersky! Now we just have to wait for their reply!

The original text is below (written in my broken English :|||: ):

New technology! Even Kaspersky cannot find it!

There are some China websites that teach the China crackers (hackers) how to make a "deformable shell"!

Please look at the No.1 link; they supply a tool to make a "deformable shell".

http://www.315safe.com/download/download.asp?downid=6671

In the No.2 link, they use the tool from the No.1 link to teach how to make a "deformable shell", and when they let Kaspersky scan the file WITHOUT the "deformable shell", Kaspersky can find the virus, but when they let Kaspersky scan the file WITH the "deformable shell", Kaspersky cannot find it!

http://bbs.pediy.com/showthread.php?threadid=22270&goto=nextnewest

In the No.3 link, a China cracker (hacker) teaches how to make a "deformable shell", too. But when the China cracker (hacker) makes a new virus WITH the "deformable shell", after a few days Kaspersky can find it! Then the China cracker (hacker) changes the file zone, Kaspersky can find it again!

http://www.77169.com/Article/HTML/52231.html

The China crackers (hackers) are so awful! I hope Kaspersky can get better and better!

By FroleDisk

The first two URLs have a problem: after following the link you have to type the correct URL into the address bar by hand, otherwise the URLs cannot be opened from the e-mail. Also, shell deformation can be tracked, because so-called shell deformation only changes the entry section and the offsets of the sections, and the offsets cannot be shifted without limit (the limit on the offset differs by file type). Antivirus software can use the fact that the offset is limited to compare them one by one.
Please refer to http://bbs.pediy.com/showthread.php?threadid=22270&goto=nextnewest

hn1271n
2006-08-14, 12:21 PM
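Here is a complete explanation of the principles behind the latest virus deception techniques. I have already asked the Taiwan distributor to notify Kaspersky. P.S.: Kaspersky has a China branch, so they should be able to read Chinese.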
http://www.hbhacker.net/hphtml/?thread-6962.html

天氣預報
2006-08-14, 02:36 PM
Could you upload the file directly?

The web page won't load at all.

hn1271n
2006-08-14, 04:02 PM
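I have thought of another way to defeat the shell-deformation technique: since the 殼中改籽 ("changing the seed inside the shell") technique evades antivirus detection by changing the offset of the entry-section bytes (note that it does not change the bytes themselves), why not design a byte-comparison program that ignores the offset entirely?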
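
[Added example, not part of any post in this thread: a minimal Python sketch of the two detection ideas raised above, trying every offset inside a bounded window and ignoring the offset entirely, compared with a signature tied to one fixed offset. The signature syntax, function names and sample buffers are assumptions constructed for illustration; the marker bytes are harmless text.]

```python
WILDCARD = None  # signature position whose byte value is ignored

def parse_sig(text):
    """Turn 'DE AD ?? EF' into [0xDE, 0xAD, None, 0xEF]."""
    return [WILDCARD if tok == "??" else int(tok, 16) for tok in text.split()]

def match_at(data, sig, pos):
    """True if sig matches data starting exactly at pos."""
    if pos < 0 or pos + len(sig) > len(data):
        return False
    return all(s is WILDCARD or data[pos + i] == s for i, s in enumerate(sig))

def scan_fixed(data, sig, expected_offset):
    """Signature tied to one recorded offset: any shift of the bytes defeats it."""
    return match_at(data, sig, expected_offset)

def scan_window(data, sig, expected_offset, max_shift):
    """Bounded-shift idea: test each offset within +/- max_shift of the recorded one."""
    lo = max(0, expected_offset - max_shift)
    hi = min(len(data) - len(sig), expected_offset + max_shift)
    return [p for p in range(lo, hi + 1) if match_at(data, sig, p)]

def scan_anywhere(data, sig):
    """Offset-independent idea: report every position where the bytes match."""
    return [p for p in range(len(data) - len(sig) + 1) if match_at(data, sig, p)]

# Constructed sample data (not taken from any real file).
SIG = parse_sig("4D 41 52 4B ?? 45 52")      # matches b"MARK" + any byte + b"ER"
MARKER = b"MARK_ER"
original = bytes(16) + MARKER + bytes(32)    # marker recorded at offset 16
shifted = bytes(16) + b"\xAA" * 9 + MARKER + bytes(23)  # same bytes moved by +9

if __name__ == "__main__":
    for name, buf in (("original", original), ("shifted", shifted)):
        print(name,
              "fixed:", scan_fixed(buf, SIG, 16),
              "window(+/-12):", scan_window(buf, SIG, 16, 12),
              "anywhere:", scan_anywhere(buf, SIG))
```

The window scan only succeeds when `max_shift` covers the real displacement, while the offset-independent scan costs more comparisons and, with short signatures, raises the chance of false matches.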

pingu
2006-08-14, 05:06 PM
So how well does Jiangmin detect trojans from mainland China?