METAMORPHISM AND PERMUTATION: FEEL THE DIFFERENCE~~~~~~~~~~~~~~~~~~~~~~~~~~~

1.  
2. METAMORPHISM AND PERMUTATION: FEEL THE DIFFERENCE
3. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4.  
5. Tasks of the metamorphism and permutation technologies are to make virus
6. more complex, thus
7. 1. prolonging time of writing antiviral code, and
8. 2. increasing time of the infected objects detection.
9.  
10. But, contrary to public opinion,
11. implementations of these techonogies are different!
12.  
13. Metamorphism means that your virus contains some [encrypted] data
14. which is used to generate new polymorphic copy.
15.  
16. As a rule, new polymorphic copy will be only executed after its
17. generation, so it may contain any trash instructions and be of any size.
18.  
19. Typical metamorphic viruses are TMC and LEXOTAN.
20.  
21. Permutating viruses are NOT containing such encrypted data, they are
22. using only current code to generate new polymorphic copy.
23.  
24. Permutating virus always must be able to get length of any own instruction.
25. This may be achieved by writing disassembler (ZCME,RPME) or making
26. all instructions of the same length (in the PLY-viruses all instructions
27. are NOP-padded to 3-byte length).
28.  
29. So, metamorphism means GENERATING NEW CODE,
30. and permutation means USING OLD CODE.
31.  
32. Z0MBiE