This presentation will be about a virus/worm framework which takes advantage of the abundance of NOP-areas produced by modern compilers in executables.
The virus is bound to the x86 CPU architecture (with the possibility of porting it to other CISC architectures); however, a key feature of this infection vector is that the virus is operaing system independent. The majority of my work so far has been done on GNU/Linux but tests have been run on Windows XP, NetBSD and FreeBSD. Future targets include Solaris/x86 and Mac OS X/x86. It should be noted that this is not an ELF or PE/COFF virus: it is executable format independent.
This presentation will explain, in gory-detail, how I implemented the generation zero NOP-infectors in C and how self-replication is done in the assembly version. I will describe the algorithms and data structures involved; and I will talk about the many challenges in implementing them and how those problems were solved.
I will talk about possible methods of detection, prevention and what sysadmins might do to protect themselves. I will also talk about future plans for the virus.