RECON06 . A PLATFORM INDEPENDENT MULTI-CAVITY NOP VIRUS
- » What we've done here is take the old idea of using ptrace() to attack applications and apply it to this virus.
- » The cool thing about our NOP-infection code is that it operates on any arbitrarily sized data block; so, we can load an executable's .text from a file, or use the ptrace() API to copy that .text segment into our memory space, modify it, and write it back.
- » /proc for filename + read() = faster.