Polip Computer Virus
Polip is a P2P virus that spreads through P2P clients such as BearShare. W32/Polip is a memory-resident virus that uses entry-point obfuscation techniques. When infecting, the virus replaces all calls or jumps to an imported function used by the host file (randomly chosen by the virus) with obfuscated calls to an advanced polymorphic decryptor.
When infecting files, Polip creates a new section with an empty section name, placed either before the resource section or just after the last data section of the file. This section contains the encrypted, polymorphic body of the virus. The virus randomly chooses one of the functions imported by the program and patches every call or jump to that function so that code execution is redirected to the new section. Polip also uses the empty space at the end of the code section to store parts of its code, and it uses the data section to hold its own variables. Once the virus code has executed, it repairs the hooked calls and jumps to the imported function and returns execution to the program code.
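A defender-side check for the section layout described above (an unnamed section inserted before the resource section or after the last data section), written here as an added Python example rather than anything from the original write-up. The PE header it scans is constructed inline with `struct`; the section flag values are the standard PE ones, and marking the unnamed section executable in the sample is an assumption made for the test data.

```python
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PtrToRelocs, PtrToLinenums, NumRelocs, NumLinenums, Characteristics
SECTION_HEADER_FMT = "<8sIIIIIIHHI"
IMAGE_SCN_MEM_EXECUTE = 0x20000000

def parse_sections(pe_bytes):
    """Walk the PE section table; return (name, virtual_address, raw_size, characteristics) per section."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", pe_bytes, 0x3C)[0]          # e_lfanew
    if pe_bytes[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, = struct.unpack_from("<H", pe_bytes, pe_off + 6)   # COFF NumberOfSections
    opt_size, = struct.unpack_from("<H", pe_bytes, pe_off + 20)    # COFF SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                                 # section table follows optional header
    out = []
    for i in range(n_sections):
        fields = struct.unpack_from(SECTION_HEADER_FMT, pe_bytes, table + 40 * i)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        out.append((name, fields[2], fields[3], fields[9]))
    return out

def find_unnamed_sections(pe_bytes):
    """Flag sections whose 8-byte name is all zero and record their neighbours, so an analyst
    can see whether the section sits before .rsrc or after the last data section."""
    secs = parse_sections(pe_bytes)
    hits = []
    for idx, (name, _vaddr, rsize, chars) in enumerate(secs):
        if name:
            continue
        hits.append({
            "index": idx,
            "after": secs[idx - 1][0] if idx > 0 else None,
            "before": secs[idx + 1][0] if idx + 1 < len(secs) else None,
            "raw_size": rsize,
            "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
        })
    return hits

def build_sample(section_names):
    """Constructed test data (not a real binary): a minimal PE header with the given section names.
    .text and the unnamed section are marked code+execute; everything else read-only data."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")   # e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    table = b"".join(
        struct.pack(SECTION_HEADER_FMT, nm, 0x1000, 0x1000 * (i + 1), 0x1000, 0x400 * (i + 1),
                    0, 0, 0, 0, 0x60000020 if nm in (b".text", b"") else 0x40000040)
        for i, nm in enumerate(section_names))
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + table
```

Run `find_unnamed_sections(build_sample([b".text", b".data", b"", b".rsrc"]))` to see the unnamed section reported between `.data` and `.rsrc`; an empty-name section is a heuristic worth triage, not proof of infection on its own.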
If a user who does not have a P2P client receives the virus by e-mail and runs it, the virus implements its own P2P Gnutella client on that machine, turning it into a host for spreading the virus.