Smeg Virus Construction Kit

The Smeg Virus Construction Kit (or SMEG) is a polymorphic engine written by virus writer Chris Pile, known as The Black Baron. SMEG is an acronym for Simulated Metamorphic Encryption Generator. Messages within the two viruses Pile created with it, SMEG.Pathogen and SMEG.Queeg, suggest that it is also an allusion to the word smeg, used as a profanity by characters in the British TV series Red Dwarf. [1] The engine is designed to add polymorphism to viruses.

In 1995, Pile was sentenced to 18 months in prison for creating the viruses, becoming the first person convicted under the Computer Misuse Act. [2]

References

  1. "F-Secure Virus Descriptions: SMEG". Retrieved 2007-01-30.
  2. Juels, Ari (2004). Financial Cryptography: 8th International Conference, FC 2004, Key West, FL, USA, February 9-12, 2004. Revised Papers. Berlin: Springer-Verlag. p. 107. ISBN 3-540-22420-3.