Study of malware obfuscation techniques

From Botnets.fr
Revision as of 16:29, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)


Study of malware obfuscation techniques

Date: 2012 / 2012-10-11
Editor/Conference: HITBSecConf
Link: http://zerosecurity.org/media/study-of-malware-obfuscation-techniques/ (zerosecurity.org; archive copy)
Author: Rodrigo Branco
Type: Conference paper

Abstract

Malware is widely acknowledged as a growing threat, with hundreds of thousands of new samples reported each week. Analysis of these malware samples has to deal not only with this significant quantity but also with the defensive capabilities built into the malware itself. Malware authors use a range of evasion techniques to harden their creations against accurate analysis. These evasion techniques aim to disrupt attempts at disassembly, debugging, or analysis in a virtualized environment.

This talk catalogs the common evasion techniques malware authors employ, applying over 50 different static detections, combined with a few dynamic ones for completeness. We validate our catalog by running these detections against a database of 4 million samples (the system is constantly running and the numbers will be updated for the presentation), enabling us to present an analysis of the real state of evasion techniques in use by malware today. The resulting data will help security companies and researchers around the world focus their attention on making their tools and processes more efficient, so that they can rapidly counter the malware authors’ countermeasures.

This first-of-its-kind, comprehensive catalog of countermeasures was compiled by the paper’s authors by researching each of the known techniques employed by malware; in the process, new detections were proposed and developed. The underlying malware sample database has an open architecture that allows researchers not only to see the results of the analysis, but also to develop and plug in new analysis capabilities. The system will be made available in beta at Black Hat, with the purpose of serving as a basis for innovative community research.

Bibtex

 @misc{2012BFR1268,
   editor = {HITBSecConf},
   author = {Rodrigo Branco},
   title = {Study of malware obfuscation techniques},
   date = {11},
   month = Oct,
   year = {2012},
   howpublished = {\url{http://zerosecurity.org/media/study-of-malware-obfuscation-techniques/}},
 }