The first article in this series talked about the classifications of malware seen in today's modern landscape. There, we discussed the economics of malware and how those financial forces are driving the underground malware industry towards more efficient and effective use of malware for dollar gain. Following on, the second article discussed the advanced behaviors seen in those sophisticated malware packages, focusing on a few high-impact techniques that malware authors use today to hide the presence of their wares while they accomplish their mission.

In this, the final part of this series, the focus is on getting rid of these ever-evolving little buggers all across the business IT environment. With extortion and financial gain a primary motivator for malware creators, you need to keep malware away from your IT environment more than ever before. There is a problem with the traditional model for locating malware on a candidate computer.

This model has historically relied on a signature-based approach for locating the breadcrumbs of malware's presence on an infected system. Signature-based solutions have been moderately successful in the past due to their fast ability to compare known malware characteristics: files, registry keys, or code snippets patched into files.

But in the war between the malware developers and those on the anti-malware side, a number of significant software architecture improvements have been developed by the bad guys that make signature-based detections less effective than before. As discussed in the second article in this series, a new software architecture found in many sophisticated malware packages is the addition of randomization to their compiling, installation, and sometimes even their regular processing. These randomization features change the way the malware "looks" over time. Much like a biological virus adapts to the attacks brought on by its host, the process of morphing malware's core code changes the characteristics that are used to categorize and identify it. When malware no longer "looks" like what a signature says it should, the signature no longer works for identification. This failure associated with the signature-based approach illustrates a critical weakness in its core workflow.

In order for a signature to work, a developer needs to find a copy of the new malware. They then need to reverse-engineer that software code to find the pieces that can be uniquely identified. Once uniqueness elements are identified, the developer then needs to codify the results into a signature that is later distributed to servers and clients. The weakness in this process has to do with the effort and timing required to get from initial detection through reverse engineering to signature distribution. This signature-based identification is highly work-intensive for an anti-malware industry that is exceptionally time-dependent.
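To make the "codify the uniqueness elements into a signature" step and its weakness concrete, here is a small signature scanner added as an illustration; it is not code from this article or its author. It supports two common signature kinds, a whole-file SHA-256 hash and a hex byte pattern with `??` single-byte wildcards, and runs them over three constructed byte strings: a sample, a variant that only changes a constant and some padding, and a variant that rearranges the bytes the pattern relied on. All sample bytes, signature names and patterns are made up for the example.

```python
"""Minimal signature scanner: hash signatures vs. wildcard byte-pattern signatures.

Added illustration for the signature workflow described in the article.
Every sample, signature name and pattern here is constructed for the example.
"""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    kind: str   # "sha256" (whole-file digest) or "pattern" (hex bytes, "??" = any byte)
    value: str


def compile_pattern(hex_pattern: str) -> re.Pattern:
    """Turn 'DE AD ?? BE EF' into a bytes regex where '??' matches exactly one byte."""
    parts = []
    for tok in hex_pattern.split():
        if tok == "??":
            parts.append(b".")                       # wildcard byte
        else:
            parts.append(re.escape(bytes.fromhex(tok)))  # literal byte
    return re.compile(b"".join(parts), re.DOTALL)    # DOTALL so "." also matches 0x0A


def scan(data: bytes, signatures: list) -> list:
    """Return the names of all signatures that match the given file contents."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    for sig in signatures:
        if sig.kind == "sha256" and sig.value == digest:
            hits.append(sig.name)
        elif sig.kind == "pattern" and compile_pattern(sig.value).search(data):
            hits.append(sig.name)
    return hits


# Constructed samples (not real malware): a header, a short "code" fragment and a config string.
ORIGINAL = (b"MZ\x90\x90\x90\x90" + b"\xde\xad\x01\xbe\xef"
            + b"cfg=example.invalid\x00" + b"\x00" * 8)
# Same layout, one constant changed and padding lengthened: the hash changes, the shape does not.
VARIANT_CONST = (b"MZ\x90\x90\x90\x90" + b"\xde\xad\x07\xbe\xef"
                 + b"cfg=example.invalid\x00" + b"\x00" * 12)
# The bytes the pattern keyed on are rearranged: both signatures stop matching.
VARIANT_RESTRUCTURED = (b"MZ\x90\x90\x90\x90" + b"\xde\xad\x07\x07\xbe\xef"
                        + b"cfg=example.invalid\x00" + b"\x00" * 12)

# The "codified" signatures a developer would ship after analysing ORIGINAL.
SIGNATURES = [
    Signature("Example.Hash.A", "sha256", hashlib.sha256(ORIGINAL).hexdigest()),
    Signature("Example.Pattern.A", "pattern", "DE AD ?? BE EF"),
]


def demo() -> dict:
    """Scan each constructed sample and report which signatures fire."""
    return {
        "original": scan(ORIGINAL, SIGNATURES),
        "variant_const": scan(VARIANT_CONST, SIGNATURES),
        "variant_restructured": scan(VARIANT_RESTRUCTURED, SIGNATURES),
    }


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name:22s} -> {hits or 'no match'}")
```

The hash signature is the cheapest to write and to check, but it dies on the first changed byte; the wildcard pattern survives a changed constant because it was written against a stable structural feature rather than exact content. Neither survives the restructured variant, which is the article's point: once the code that produced the "uniqueness elements" is morphed, the developer is back at the start of the find-sample, reverse-engineer, codify, distribute loop.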