Abstract
Malware has become more lethal by using multiple attack vectors to exploit both known and unknown vulnerabilities and can attack prescanned targets with lightning speed. In the future, it is important that the scanners are capable of detecting polymoraphic (obfuscated or variant) and metamorphic (mutated or evolved) versions of malware, however current scanning techniques for malware detection have serious limitations. Simple software obfuscation a general technique that is used to protect the software from reverse engineering techniques can circumvent the current detection mechanisms (anti-virus tools). In this chapter, we describe common attacks on anti-virus tools and a few obfuscation techniques applied to recent viruses that were used to thwart commercial grade anti-virus tools. Similarities among different malware and their variants are also presented in this chapter. The signature used in this method is the percentage of application programming interface (APIs) appearing in the malware type. The hypothesis is that mutants and variants will not stray far from the original. Table 5 shows serious limitations of commercial grade anti-virus scanners in detecting simple obfuscation attacks. Table 6 shows the percentages of similarity of a particular malware when compared to others. One important thing to note is that even the polymorphic ZMist uses the same set of APIs on all three variants.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.