Introducing Stealth Malware Taxonomy
Author
Abstract
Introduction
At the beginning of this year, at the Black Hat Federal Conference, I proposed a simple taxonomy that could be used to classify stealth malware according to how it interacts with the operating system. Since that time I have often referred to this classification, as I think it is very useful in designing system integrity verification tools and in talking about malware in general. Now I have decided to explain this classification a bit more, as well as to extend it with a new type of malware: the type III malware.
Similar resources
Exploiting Similarity Between Variants to Defeat Malware
Many malicious programs are just previously-seen programs that have had some minor changes made to them. A slightly different variant hardly qualifies as a stealth attack: being 99% the same as a known piece of malware should be a dead giveaway. This white paper describes a method for searching a database of programs for a match. The methods are adapted from ordinary text search and analysis; the k...
HookFinder: Identifying and Understanding Malware Hooking Behaviors
Installing various hooks into the victim system is an important attacking strategy used by malware, including spyware, rootkits, stealth backdoors, and others. In order to evade detection, malware writers are exploring new hooking mechanisms. For example, a stealth kernel backdoor, deepdoor, has been demonstrated to successfully evade all existing hook detectors. Unfortunately, the state of the...
A concise cost analysis of Internet malware
In this paper we present a cost model to analyze impacts of Internet malware in order to estimate the cost of incidents and risk caused by them. The model is useful in determining parameters needed to estimate recovery efficiency, probabilistic risk distributions, and cost of malware incidents. Many users tend to underestimate the cost of curiosity coming with stealth malware such as email-atta...
Stealth attacks: An extended insight into the obfuscation effects on Android malware
In order to effectively evade anti-malware solutions, Android malware authors are progressively resorting to automatic obfuscation strategies. Recent works have shown, on small-scale experiments, the possibility of evading anti-malware engines by applying simple obfuscation transformations on previously detected malware samples. In this paper, we provide a large-scale experiment in which the de...
Malware variant detection
Malware programs (e.g., viruses, worms, Trojans, etc.) are a worldwide epidemic. Studies and statistics show that the impact of malware is getting worse. Malware detectors are the primary tools in the defence against malware. Most commercial anti-malware scanners maintain a database of malware patterns and heuristic signatures for detecting malicious programs within a computer system. Malware w...