Peter Ferrie
Virus Bulletin, November 2004, pp.6-7
ISSN 0956-9979
November 2004
Download PDF (23Kb) (You need to be registered on forum)In 2003 I wrote: `A virus using the manual reconstruction technique seems unlikely, since the underlying structures in .NET are extremely complex and contain many interdependencies' (see VB, April 2003, p.5). However, in 2004 we received one that did it: MSIL/Impanate.
Written by the virus writer known as `roy g biv', a specialist in proof-of-concept viruses (most recently, the first 64-bit viruses on the Win64 platform: W64/Rugrat on IA64, [see VB, June 2004, p.4] and W64/Shruggle on AMD64), Impanate is the first known parasitic, entry point obscuring appender for the .NET platform.