Issue No.05 - September/October (2011 vol.9)
pp: 41-47
Philip O'Kane, Centre for Secure Information Technologies, Queen's University Belfast
Sakir Sezer, Centre for Secure Information Technologies, Queen's University Belfast
Kieran McLaughlin, Centre for Secure Information Technologies, Queen's University Belfast
ABSTRACT
A cyberwar exists between malware writers and antimalware researchers. At this war's heart rages a weapons race that originated in the 80s with the first computer virus. Obfuscation is one of the latest strategies to camouflage the telltale signs of malware, undermine antimalware software, and thwart malware analysis. Malware writers use packers, polymorphic techniques, and metamorphic techniques to evade intrusion detection systems. The need exists for new antimalware approaches that focus on what malware is doing rather than how it's doing it.
INDEX TERMS
malware, obfuscation, packer, polymorphism, metamorphism, computer security
CITATION
Philip O'Kane, Sakir Sezer, Kieran McLaughlin, "Obfuscation: The Hidden Malware", IEEE Security & Privacy, vol.9, no. 5, pp. 41-47, September/October 2011, doi:10.1109/MSP.2011.98