Fingerprinting Malware using Bioinformatics Tools Building a Classifier for the Zeus Virus

This paper describes an exploratory research project which creates a classifier to distinguish artifacts containing content specific to a known computer virus, given a training set of samples of variants of that virus and using local alignments between the artifacts as its information source. A bioinformatics tool, BLAST, finds the local alignments between a digital artifact and a repository of representatives of the virus. The classification is driven by a comparison of the local alignments to determined alignment fingerprints of the virus representatives. Project methods include the creation of “synthetic DNA” representations of digital artifacts, representative selection for a set of computer viruses, alignment fingerprint creation for those representatives, and using the representatives, fingerprints and alignments in a classification scheme. The project examined Zeus Trojan viruses and had a 91% correct identification rate of verified Zeus viruses and a 3% false positive rate.