Impeding Automated Malware Analysis with Environment-sensitive Malware
نویسندگان
چکیده
To solve the scalability problem introduced by the exponential growth of malware, numerous automated malware analysis techniques have been developed. Unfortunately, all of these approaches make previously unaddressed assumptions that manifest as weaknesses to the tenability of the automated malware analysis process. To highlight this concern, we developed two obfuscation techniques that make the successful execution of a malware sample dependent on the unique properties of the original host it infects. To reinforce the potential for malware authors to leverage this type of analysis resistance, we discuss the Flashback botnet’s use of a similar technique to prevent the automated analysis of its samples.
منابع مشابه
Flowers for Automated Malware Analysis
To handle the large volume of malware samples collected each day, numerous automated malware analysis techniques have been developed. In response, malware authors have made analysis environment detections increasingly popular and commoditized. In turn, security practitioners have created systems that make an analysis environment look like a normal system. Thus far, neither side has claimed a de...
متن کاملAn automated approach to analysis and classification of Crypto-ransomwares’ family
There is no doubt that malicious programs are one of the permanent threats to computer systems. Malicious programs distract the normal process of computer systems to apply their roguish purposes. Meanwhile, there is also a type of malware known as the ransomware that limits victims to access their computer system either by encrypting the victimchr('39')s files or by locking the system. Despite ...
متن کاملDyVSoR: dynamic malware detection based on extracting patterns from value sets of registers
To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malwares make it difficult for signature-based systems to detect sophisticated malware files. The dynamic analysis or run-time behavior provides a better technique to identify the threat. In t...
متن کاملAutomated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities
Malware has been recognized as one of the major security threats in the Internet. Previous researches have mainly focused on malware’s internal activity in a system. However, it is crucial that the malware analysis extracts a malware’s external activity toward the network to correlate with a security incident. We propose a novel way to analyze malware: focus closely on the malware’s external (i...
متن کاملBareCloud: Bare-metal Analysis-based Evasive Malware Detection
The volume and the sophistication of malware are continuously increasing and evolving. Automated dynamic malware analysis is a widely-adopted approach for detecting malicious software. However, many recent malware samples try to evade detection by identifying the presence of the analysis environment itself, and refraining from performing malicious actions. Because of the sophistication of the t...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012