A study on common malware families evolution in 2012

Authors: Marius Barat, Dumitru Bogdan Prelipcean, Dragoş Gavriluţ
Year of publication: 2013
Subject:
Source: Journal of Computer Virology and Hacking Techniques. 9:171-178
ISSN: 2263-8733
DOI: 10.1007/s11416-013-0192-5
Description: With the exponential growth of malware in the last 5 years, the number of polymorphic malware samples has increased as well. The aim of this paper is to describe the evolution over one year of four major malware families (FakeAlert, Sirefef, ZBot and Vundo). The analysis has been made in terms of the polymorphic mechanisms (such as changes in the packer module, changes in the geometry of the file, variation of the version information in the resource directory, or different methods used to modify the icon of a file) that have been used in order to avoid detection by anti-malware systems. The malware files were collected every week throughout one year. For each family we have recorded the new variants and the updates that were added to the old ones in order to avoid detection. We have managed to examine more than 1,000 new versions of such files. The current article includes an additional case study, which focuses on the methods that have been used by the FakeAlert malware family in order to modify their icons.
Database: OpenAIRE