Study on Countermeasures Using Mitigation Software against Vulnerability Attacks

In recent years, zero-day attacks that exploit software vulnerabilities before they can be covered by hotfix deployments have become increasingly serious. And it has become very dangerous to leave such vulnerabilities uncovered because they may permit unauthorized access or malware infection. Additionally, hotfixes of software that manufacturers have stopped support will not be distributed. Because of these and other issues, vulnerability mitigation software packages such as the Enhanced Mitigation Experience Toolkit (EMET), Malawarebyte Anti Exploit (MBAE), and HitmanPro. Alert have attracted attention nowadays. It is possible to take countermeasures against vulnerability attacks in real-time by introducing them without the definition files or sandboxes used in common anti-virus software packages. However, it has been reported that some malware types that execute vulnerability attacks are capable of circumventing vulnerability mitigation software packages such as EMET. Therefore, in this study, we perform detection experiments using vulnerability mitigation software in a personal computer equipped with an old version of the Windows 7 operating system. From the result, we found that basically HitmanPro. Alert was most effective against vulnerability attack and attacks of malware described via macro language such as VBA.