by scottdw2 5208 days ago
See my comment below. I don't think you quite understood what I meant. I'm not saying the code was written in Scheme. I'm saying there is a product that allows you to write Scheme macros to manipulate a database of machine code IR derived from disassembly and then turn the modified database back into an executable.

Hiding the source language makes identifying the origin of the malware difficult. There are obvious reasons to do that.


> Hiding the source language makes identifying the origin of the malware difficult.

How so? Knowing that it was written using VC would hardly help in identifying the origin.

That's not to say that you're wrong about the tool used, but I don't believe the goal was to cover their tracks, but some kind of optimization. Viruses often face space constraints.

I am not knowledgeable enough to say much on this topic, but I was wondering if maybe such rewriting would also serve to make it easy to mutate code to change its signature?
That was sort of what I was getting at. The obfuscation of the source language may be correlated, but it's not the goal.