• DocumentCode
    1597731
  • Title

    Multi-stage delivery of malware

  • Author

    Ramilli, Marco ; Bishop, Matt

  • Author_Institution
    Dipt. di Elettron. Inf. e Sist., Univ. of Bologna, Cesena, Italy
  • fYear
    2010
  • Firstpage
    91
  • Lastpage
    97
  • Abstract
    Malware signature detectors use patterns of bytes, or variations of patterns of bytes, to detect malware attempting to enter a system. This approach assumes the signatures are both of sufficient length to identify the malware, and to distinguish it from non-malware objects entering the system. We describe a technique that can increase the difficulty of both to an arbitrary degree. This technique can exploit an optimization that many anti-virus systems use to make inserting the malware simple; fortunately, this particular exploit is easy to detect, provided the optimization is not present. We describe some experiments to test the effectiveness of this technique in evading existing signature-based malware detectors.
  • Keywords
    invasive software; optimisation; antivirus system; bytes pattern variation; malware multistage delivery; malware signature detector; optimization; Assembly; Detectors; Engines; Grippers; Malware; Optimization; Software;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on
  • Conference_Location
    Nancy, Lorraine
  • Print_ISBN
    978-1-4244-9353-1
  • Type

    conf

  • DOI
    10.1109/MALWARE.2010.5665788
  • Filename
    5665788