The other guys: automated analysis of marginalized malware
Author: | Paulo Lício de Geus, André Grégio, Marcus Botacin |
---|---|
Year published: | 2017 |
Subject: | 021110 strategic defence & security studies; Software_OPERATINGSYSTEMS; Cyber-collection; Computer science; 0211 other engineering and technologies; 020207 software engineering; 02 engineering and technology; computer.software_genre; File format; Computer security; Cryptovirology; Computational Theory and Mathematics; Hardware and Architecture; 0202 electrical engineering, electronic engineering, information engineering; Computer Science (miscellaneous); Incident response; Microsoft Windows; Malware; Malware analysis; computer; Asprox botnet; Software |
Source: | Journal of Computer Virology and Hacking Techniques, 14:87-98 |
ISSN: | 2263-8733 |
DOI: | 10.1007/s11416-017-0292-8 |
Description: | In order to thwart dynamic analysis and bypass protection mechanisms, malware has been using several file formats and evasive techniques. While publicly available dynamic malware analysis systems are one of the main sources of information for researchers, security analysts and incident response professionals, they are unable to cope with all types of threats. Therefore, it is difficult to gather information from public systems about CPL, .NET/Mono, 64-bit, reboot-dependent malware, or malware targeting systems newer than Windows XP, which results in a lack of understanding of how current malware behaves during infections on modern operating systems. In this paper, we discuss the challenges and issues faced during the development of this type of analysis system, mainly due to security features available in NT 6.x kernel versions of Windows. We also introduce a dynamic analysis system that addresses the aforementioned types of malware and present results obtained from their analyses. |
Database: | OpenAIRE |
External link: | |