Issue No.05 - September/October (2008 vol.6)
Wei Yan , Trend Micro
Zheng Zhang , McAfee
Nirwan Ansari , New Jersey Institute of Technology
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.126
In concert with the ever-growing network applications, a significant increase in the spread of malware over the Internet has been observed. In cases where malware are the zero-day threats, generating their signatures for detection via anti-virus (AV) scan engines becomes an important reactive security function. However, modern malware can easily bypass AV scanners using packers, which can hide malicious file contents from detection. This article describes how packers work, and the three most commonly used unpacking methods. The authors describe the logic flow and behavior of Upack, a popular packer, as an example of a software packer.
malware, packer, anti-virus, basic training
Wei Yan, Zheng Zhang, Nirwan Ansari, "Revealing Packed Malware", IEEE Security & Privacy, vol.6, no. 5, pp. 65-69, September/October 2008, doi:10.1109/MSP.2008.126