Exploiting an antivirus interface

نویسندگان

  • Kevin W. Hamlen
  • Vishwath Mohan
  • Mohammad M. Masud
  • Latifur Khan
  • Bhavani M. Thuraisingham
چکیده

We propose a technique for defeating signature-based malware detectors by exploiting information disclosed by antivirus interfaces. This information is leveraged to reverse engineer relevant details of the detector’s underlying signature database, revealing binary obfuscations that suffice to conceal malware from the detector. Experiments with real malware and antivirus interfaces on Windows operating systems justifies the effectiveness of our approach.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Formal Petri Net Based Model for Antivirus Update Agent System

In this paper, a formal model for antivirus update agent system is presented based on mobile agent technology and predicate/transition Petri nets. The mobile agent system contains two mobile agents called DCA and UNA. It sends out agents to update antivirus on client computers in a network. Each agent takes on a specified responsibility. First, DCA roams through the network and check the last d...

متن کامل

A Formal Petri Net Based Model for Antivirus Update Agent System

In this paper, a formal model for antivirus update agent system is presented based on mobile agent technology and predicate/transition Petri nets. The mobile agent system contains two mobile agents called DCA and UNA. It sends out agents to update antivirus on client computers in a network. Each agent takes on a specified responsibility. First, DCA roams through the network and check the last d...

متن کامل

Exploiting Software How to Break Code

How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers. Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want ...

متن کامل

Stop Clicking on "Update Later": Persuading Users They Need Up-to-Date Antivirus Protection

Online security advice aims to persuade users to behave securely, but appears to have limited effects at changing behaviour. We propose security advice targeted at end-users should employ visual rhetoric to form an effective, memorable, and persuasive method of communication. We present the design and evaluation of infographics and an online interactive comic developed to persuade users to upda...

متن کامل

Application-Level Reconnaissance: Timing Channel Attacks Against Antivirus Software

Remote attackers use network reconnaissance techniques, such as port scanning, to gain information about a victim machine and then use this information to launch an attack. Current network reconnaissance techniques, that are typically below the application layer, are limited in the sense that they can only give basic information, such as what services a victim is running. Furthermore, modern re...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • Computer Standards & Interfaces

دوره 31  شماره 

صفحات  -

تاریخ انتشار 2009