itman 1,659 Posted December 17, 2022 Share Posted December 17, 2022 (edited) Although security vendors classify and for some even name their products anti-virus, the reality is viruses have been dead and out of circulation for some time. Most malware today are Trojans. Well, things have changed in the threat landscape arena. Below is a great technical analysis by Checkpoint on Azov ransomware which is in reality a wiper and a also a virus. Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper Quote Azov first came to the attention of the information security community as a payload of the SmokeLoader botnet, commonly found in fake pirated software and crack sites. One thing that sets Azov apart from your garden-variety ransomware is its modification of certain 64-bit executables to execute its own code. Before the advent of the modern-day internet, this behavior used to be the royal road for the proliferation of malware; because of this, to this day, it remains the textbook definition of “computer virus” (a fact dearly beloved by industry pedants, and equally resented by everyone else). The modification of executables is done using polymorphic code, so as not to be potentially foiled by static signatures, and is also applied to 64-bit executables, which the average malware author would not have bothered with. https://research.checkpoint.com/2022/pulling-the-curtains-on-azov-ransomware-not-a-skidsware-but-polymorphic-wiper/ Edited December 17, 2022 by itman Link to comment Share on other sites More sharing options...
Recommended Posts