Issue No. 05 - September/October (2008 vol. 6)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.126
Wei Yan , Trend Micro
Zheng Zhang , McAfee
Nirwan Ansari , New Jersey Institute of Technology
In concert with the ever-growing network applications, a significant increase in the spread of malware over the Internet has been observed. In cases where malware are the zero-day threats, generating their signatures for detection via anti-virus (AV) scan engines becomes an important reactive security function. However, modern malware can easily bypass AV scanners using packers, which can hide malicious file contents from detection. This article describes how packers work, and the three most commonly used unpacking methods. The authors describe the logic flow and behavior of Upack, a popular packer, as an example of a software packer.
malware, packer, anti-virus, basic training
W. Yan, Z. Zhang and N. Ansari, "Revealing Packed Malware," in IEEE Security & Privacy, vol. 6, no. , pp. 65-69, 2008.