Malware analysis and antivirus signature creation
Abstract
The rapid advances in social media, educational tools and communications platforms available today have expanded the attack landscape through which malicious users can propagate their work and carry out damaging attacks. Attacks against desktop, mobile and cloud-based systems have seen a sharp increase in recent years owing to advanced malware creation techniques, and all the more worrying is the common misconception among end-users that anti-malware programs will safeguard against these threats. Progressive analysis of these malware specimens has prompted the security industry as a whole to take the matter more seriously, but it currently appears to be reacting to threats rather than proactively building defences against the next wave of attacks. Significant difficulties are faced by the security industry in this respect. On this basis, the following work evaluates and analyses a Windows malware specimen in a controlled virtual environment to determine its purpose and function using a combination of static and dynamic code analysis. Results show that obfuscation strategies employed by malware writers ‘morph’ viruses into forms which evade detection even by complex heuristic detection algorithms. It is recommended that the security process, including the policies, procedures and security awareness training programmes, be actively developed in the corporate context and that end-users in the domestic case take greater care with downloading.