Polymorphic Obfuscation of Executable Code

摘要

This document generally relates to systems, method, and other techniques for identifying and interfering with the operation of computer malware, as a mechanism for improving system security. Some implementations include a computer-implemented method by which a computer security server system performs actions including receiving a request for content directed to a particular content server system; forwarding the request to the particular content server system; receiving executable code from the particular content server system; inserting executable injection code into at least one file of the executable code; applying a security countermeasure to the combined executable code and executable injection code to create transformed code; and providing the transformed code to a client computing device.

主权项

1. A computer-implemented method, comprising:
receiving, at a computer security server system located between the Internet and a client computing device that makes requests over the Internet, a request for content that is directed to a particular content server system; forwarding, by the computer security server system, the received request to the particular content server system; in response to the request, receiving, from the particular content server system, executable code; inserting into at least one file of the executable code, and to create combined code, executable injection code that, when executed by the client computing device, does not (i) alter, from a user's perspective, an execution of the received executable code or (ii) perform actions observable by the user; applying a security countermeasure to the combined code to create transformed code; and providing the transformed code to the client computing device.