• DocumentCode
    1455473
  • Title
    Always the Same, Never the Same
  • Author
    Ramilli, Marco ; Prandini, Marco
  • Author_Institution
    Univ. of Bologna, Bologna, Italy
  • Volume
    8
  • Issue
    2
  • fYear
    2010
  • Firstpage
    73
  • Lastpage
    75
  • Abstract
    Existing sophisticated techniques can provide a deep and effective analysis to discover whether a file hides a computer virus or other malware. Examples of the most effective approaches are heuristic or exhaustive static code analysis and behavior analysis in a sandbox environment. However, given the huge number of malware samples in circulation and the high performance cost of those approaches, the most frequently employed tool remains signature detection. Antivirus software (AVS) is endowed with a database of pattern signatures, each characterizing a known malware sample or a variant of it. By scanning a target file, an AVS can tell whether it contains traces revealing the presence of malware or whether it is clean: a generally applicable approach, valued for its efficiency, which makes it suitable for real-time analysis of user-requested content. Unfortunately, today's malware writers can easily sneak their creations past most signature-based antimalware programs by outpacing the speed at which signature databases can be updated after new malware is observed in the wild and, most notably, by creating countless variants of the same malware, each sporting a different signature. This installment of Attack Trends envisions including the AVS itself in the design loop, leading to a more effective process for generating new malware variants through direct manipulation of binary code.
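    The contrast the abstract draws, between a pattern-matching scanner and a variant whose bytes differ but whose behavior does not, is shown below in a toy model. This is example code added for this page, not code from the paper or its authors, and it does not reproduce their binary-manipulation method: the payload bytes, the signature names, the one-byte XOR encoding and the "STUB" decoder format are all constructed for the illustration. The evade() loop models the "AVS in the design loop" idea in its simplest form, regenerating the variant until the scanner stays silent; behavioral_scan() models the sandbox alternative the abstract mentions, scanning what the sample would actually execute.

```python
"""Toy signature scanner versus semantics-preserving malware variants.

Example code added for this page; not from the paper or its authors.
The payload bytes, signature names and "STUB" decoder format are
constructed for the illustration (no real malware involved).
"""
import random

# Constructed stand-in for a malicious routine.
PAYLOAD = b"\x90\x90EVIL_ROUTINE\xcc\xcc"

# Constructed signature database: name -> byte pattern, as a signature-based
# AVS would hold after seeing the original sample and one earlier variant.
SIGNATURES = {
    "toy.payload": b"EVIL_ROUTINE",   # bytes of the plain payload
    "toy.stub.key2a": b"STUB\x2a",    # an earlier variant's decoder plus its key
}


def scan(data: bytes, signatures: dict) -> list:
    """Signature detection: report every pattern found in the file bytes."""
    return [name for name, pattern in signatures.items() if pattern in data]


def xor(data: bytes, key: int) -> bytes:
    """One-byte XOR; it is its own inverse, so it encodes and decodes."""
    return bytes(b ^ key for b in data)


def make_variant(payload: bytes, key: int) -> bytes:
    """Variant = fixed decoder stub + key byte + XOR-encoded body.

    The behavior is unchanged; only the stored bytes differ per key."""
    return b"STUB" + bytes([key]) + xor(payload, key)


def run_variant(blob: bytes) -> bytes:
    """What the variant does at run time: recover the original payload."""
    if not blob.startswith(b"STUB"):
        raise ValueError("not a variant produced by make_variant")
    return xor(blob[5:], blob[4])


def evade(payload: bytes, signatures: dict, seed: int = 7, max_tries: int = 256):
    """AVS in the design loop: regenerate the variant until the scanner is silent.

    Returns a variant the scanner does not flag, or None if every try was flagged."""
    rng = random.Random(seed)
    for _ in range(max_tries):
        key = rng.randrange(1, 256)          # key 0 would leave the payload in the clear
        variant = make_variant(payload, key)
        if not scan(variant, signatures):
            return variant
    return None


def behavioral_scan(blob: bytes, signatures: dict) -> list:
    """Sandbox-style check: let the sample unpack itself, then scan what it
    would execute. The result does not depend on which key the variant chose."""
    return scan(run_variant(blob), signatures)


if __name__ == "__main__":
    print("original flagged as:", scan(PAYLOAD, SIGNATURES))
    variant = evade(PAYLOAD, SIGNATURES)
    print("variant key 0x%02x, static scan:" % variant[4], scan(variant, SIGNATURES))
    print("same behavior as original:", run_variant(variant) == PAYLOAD)
    print("behavioral scan:", behavioral_scan(variant, SIGNATURES))
    # Defender's cheapest counter: sign the part of the variant that never changes.
    widened = {**SIGNATURES, "toy.stub": b"STUB"}
    print("any variant passes widened DB:", evade(PAYLOAD, widened) is not None)
```

    Two things to take from running it: the scanner catches the variant only when its database already holds a signature for that exact key (here 0x2a), so every other key yields a fresh "never the same" file, while the decoded body is "always the same" and a behavioral or unpacking check flags it regardless of key. The widened database shows the defender's usual answer to a fixed decoder stub; a real variant generator would have to vary that too, which is the direction the abstract describes.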
  • Keywords
    data analysis; database management systems; digital signatures; invasive software; Attack Trends; antivirus software; behavior analysis; computer virus; malware; pattern signatures database; security of data; signature-based antimalware programs; static code analysis; Binary codes; Databases; Code mutation; Computer security; Computer viruses; Signature detection evasion;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type
    jour
  • DOI
    10.1109/MSP.2010.64
  • Filename
    5439533