Zmist Explained

Fullname:Win32.Zmist
Aliases:Z0mbie.Mistfall
Type:Computer virus
Isolationdate:2002
Origin:Russia
Author:Z0mbie
Oses:Windows
Filesize:9 kbytes

Zmist (also known as Z0mbie.Mistfall) is a metamorphic computer virus[1] [2] created by the Russian virus writer known as Z0mbie. It was the first virus to use a technique known as "code integration". In the words of Ferrie and Ször:[3]

This virus supports a unique new technique: code integration.The Mistfall engine contained in it is capable ofdecompiling Portable Executable files to [their] smallestelements, requiring 32 MB of memory. Zmist will insertitself into the code: it moves code blocks out of the way,inserts itself, regenerates code and data references, includingrelocation information, and rebuilds the executable.

Variants

See also

References

  1. Aspevik, Egil; Detection of Junk Instructions in Computer Viruses, Masters Thesis, May 2008, University of Oslo (UiO).
  2. Web site: ZMist: next generation viruses coming up. Wilders Security. 18 February 2013.
  3. Ferrie, Peter; and Ször, Péter; Zmist opportunities, Virus Bulletin, March 2001, Abingdon, Oxfordshire (UK), pp. 6–7

External links