Modern Amoeba Infection Technique
---------------------------------
alcopaul/brigada ocho
may 26, 2011


"...A rarely seen virus infection technique, Amoeba, embeds the host program inside the virus body. 
This is done by prepending the head part of the virus to the front of the file and appending the 
tail part to the very end of the host file. The head has access to the tail and is loaded later. 
The original host program is reconstructed as a new file on the disk for proper execution afterwards. 
For example, W32/Sand.12300, written by the virus writer, Alcopaul, uses this technique to infect PE 
files on Windows systems. Sand is written in Visual Basic..." - The Art of Computer Virus Research and Defense by Peter Szor, 2005


Below is the classic Amoeba infection technique:


===================                                      ==================
     virus(head)         ==============                      virus(head)
===================   +       host          --------->   ==================
     virus(tail)         ==============                        host
===================                                      ==================
                                                             virus(tail)
                                                         ==================


Modern?
-------

Yes. We can make a virus embed the host file inside it at source code level.

=============      ============          Generate virus source,                           ==================================
   virus       +       host      ------> Generate base64 representation of host,  ---->   virus with host as string variable
=============      ============          Store host in virus source as a string variable, ==================================
                                         Compile.


The virus must be able to generate its own source code and must have access to a compiler on the
machine.
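
Both layouts above leave a complete host image inside the carrier file, which is what a scanner can look for. The following is an added detection example, not code from the original article: find_embedded_pe, is_pe_header and fake_pe are hypothetical names, the 128-character base64 threshold is an arbitrary choice, and the base64 pass assumes the string is stored as 8-bit text (as in generated source), not UTF-16.

```python
import base64
import binascii
import re
import struct

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{128,}={0,2}")  # long base64 runs only

def is_pe_header(buf: bytes) -> bool:
    """True if buf starts with an MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    return buf[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_embedded_pe(data: bytes) -> list:
    """Return (kind, offset) pairs for PE images carried inside data."""
    hits = []
    # Classic layout: a second raw PE image at a nonzero offset.
    pos = data.find(b"MZ", 1)
    while pos != -1:
        if is_pe_header(data[pos:pos + 0x1000]):
            hits.append(("raw", pos))
        pos = data.find(b"MZ", pos + 1)
    # Source-level layout: a string that base64-decodes to a PE image.
    for m in B64_RUN.finditer(data):
        run = m.group()
        run = run[:len(run) - len(run) % 4]  # keep whole 4-char groups
        try:
            decoded = base64.b64decode(run)
        except binascii.Error:
            continue
        if is_pe_header(decoded):
            hits.append(("base64", m.start()))
    return hits

def fake_pe(size: int = 0x110) -> bytes:
    """Constructed stand-in: header fields only, not a runnable program."""
    hdr = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"
    return hdr + bytes(size - len(hdr))

if __name__ == "__main__":
    head, host = fake_pe(), fake_pe(0x150)
    classic = head + host + b"TAIL"                              # head + host + tail
    modern = head + b'host = "' + base64.b64encode(host) + b'"'  # host as a string
    for name, blob in (("clean", head), ("classic", classic), ("modern", modern)):
        print(name, find_embedded_pe(blob))
```

A hit is a triage signal rather than a verdict: installers and self-extracting archives also carry embedded PE images.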