Your search keyword '"Cryptovirology"' showing total 7 results

1. Using feature generation from API calls for malware detection

Author

Zahra Salehi, Ashkan Sami, and Mahboobe Ghiasi

Subjects

Scareware, Software_OPERATINGSYSTEMS, General Computer Science, Computer science, business.industry, Rootkit, Permission, Adware, Computer security, computer.software_genre, Cryptovirology, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Software, False positive paradox, Malware, business, Law, computer

Abstract

The term malware – a combination of the words ‘malicious’ and ‘software’ – refers to a group of software designed to penetrate or damage a computer system without the owner's permission. This set includes viruses, trojans, backdoors, worms, adware, rootkits, spyware and so on. Methods for detecting malicious software, based on signatures, are easily evaded, so anti-virus vendors rely on dynamic analysis to detect zero-day binaries. Unfortunately, this is too slow and inefficient to be used in commercial anti-virus. Zahra Salehi, Ashkan Sami and Mahboobe Ghiasi of Shiraz University, Iran, propose a new malware detection technique based on identifying malicious behaviour through API calls and/or arguments. The high accuracy and low false positives of the method demonstrate that it is appropriate for real-world commercial applications, they argue.

Published

2014

2. Malware detection by behavioural sequential patterns

Author

Babak Yadegari, Hossein Rahimi, Ashkan Sami, and Mansour Ahmadi

Subjects

General Computer Science, Exploit, Process (engineering), Computer science, media_common.quotation_subject, computer.file_format, computer.software_genre, Computer security, World Wide Web, Cryptovirology, Debugging, Code (cryptography), Malware, Executable, Detection rate, Law, computer, media_common

Abstract

For many years, malware has been the subject of intensive study by researchers in industry and academia. Malware production, while not being an organised business, has reached a level where automatic malicious code generators/engines are easily found. These tools are able to exploit multiple techniques for countering anti-virus (AV) protections, from aggressive AV killing to passive evasive behaviours in any arbitrary malicious code or executable. Development of such techniques has lead to easier creation of malicious executables. Consequently, an unprecedented prevalence of new and unseen malware is being observed. Reports suggested a global, annual economic loss due to malware exceeding $13bn in 2007. 1 Traditional signature-based antivirus methods struggle to cope with polymorphic, metamorphic and unknown malicious executables. And analysing and debugging obfuscated programs is a tricky and cumbersome process. Now Mansour Ahmadi of Young Researchers and Elite Club, Shiraz Branch, Iran and Ashkan Sami, Hossein Rahimi and Babak Yadegari of Shiraz University, Iran have developed a novel framework based on runtime API call auditing and data mining, a method that achieved a malware detection rate of 98.4% in tests. Here, they detail their approach and the benefits it could bring.

Published

2013

3. Inserting malware at the source

Author

Danny Bradbury

Subjects

General Computer Science, Vendor, Computer science, Supply chain, Compromise, media_common.quotation_subject, Computer security, computer.software_genre, Purchasing, Counterfeit, Cryptovirology, Product (business), Malware, Law, computer, media_common

Abstract

Peter Muhlberger was happy when he bought home his digital camera. He was looking forward to taking high-quality digital images to show his family and friends. But the camera came with an unexpected addition: “I plugged it into my PC and it had a virus on it,” says the programme director for social, behavioural and economic research at the National Science Foundation (NSF). The camera came with the virus straight out of the box. It hadn't been tampered with en route from the store. It turns out that malware and other threats are being inserted in the supply chain, and that this is not an isolated occurrence. Inserting malware in the supply chain is an excellent way to spread it around. After all, distribution is guaranteed if malware is bundled directly into a product. It will reach the computers of a very high percentage of purchasing customers, giving the malware vendor the chance to overcome any defences. In addition to the deliberate or accidental compromise of legitimate systems, customers must also cope with the danger of counterfeit systems that can show up both at the consumer and the enterprise level. Danny Bradbury examines the problem of malware in the supply chain and what's being done to combat it.

Published

2012

4. The evolution of mobile malware

Author

Axelle Apvrille

Subjects

World Wide Web, Cryptovirology, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Software_OPERATINGSYSTEMS, General Computer Science, Computer science, Android malware, Android (operating system), Computer security, computer.software_genre, Law, Mobile malware, computer

Abstract

From Cabir to FakeDefend, the past decade has seen the number of mobile malware threats explode. In 2013, we saw more than 1,300 new malicious applications per day and anti-malware systems are currently tracking over 300 Android malware families and over 400,000 malicious Android applications.

Published

2014

5. Are your IT professionals prepared for the challenges to come?

Author

Sorin Mustaca

Subjects

General Computer Science, business.industry, Computer science, Internet privacy, New variant, Encryption, Computer security, computer.software_genre, Cryptovirology, Order (business), Child pornography, CryptoLocker, Ransomware, Malware, business, Law, computer

Abstract

Last year, 2013, was the year of ransomware. We have seen many methods that this malware has used to scare victims – including child pornography, encrypting files, using P2P networks. Probably the most famous of all ransomware is CryptoLocker – a new variant of this type of malware that encrypts various files on the user's computer and demands the owner to pay the malware authors in order to decrypt the files.

Published

2014

6. The changing face of malware

Author

Steve Gold

Subjects

General Computer Science, business.industry, Computer science, Internet privacy, Face (sociological concept), Program code, Computer security, computer.software_genre, Cryptovirology, Open source, Malware, business, Law, computer, Hacker

Abstract

As a quick glance at the IT security newswires will confirm, hacker attack vectors are evolving very quickly indeed. Current generations of malware such as Conficker and Koobface are being revitalised time and time again by hackers who now seem to regard all program code as open source, whether commercial, shareware, freeware or malware in origin. 1

Published

2009

7. Behavioural malware analysis using Sandnets

Author

Joe Stewart

Subjects

Reverse engineering, Software_OPERATINGSYSTEMS, General Computer Science, Computer science, Computer security, computer.software_genre, Domain (software engineering), Cryptovirology, World Wide Web, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Covert, Sandbox (computer security), Code (cryptography), Malware, Malware analysis, Law, computer

Abstract

Researcher Joe Stewart reveals how to get inside the mind of a malware creator using the “Sandnet” technique. The Sandnet concept helps enterprises get to grips with understanding a piece of attacking malware without the cost and labour of reverse engineering. It watches the changes occurring in an infected system, along with the network traffic sent by the malware. It can be described as a Sandbox that encompasses an entire network. Sandnet has the advantage of being more covert than VMware as it requires more code to be detected. Malware analysis has long been an arcane art, left to those who have advanced low-level reverse engineering skills and dedicated research labs. For years this has been solely the domain of the professional antivirus company and its researchers. However, as more organizations see the need for employing additional defensive mechanisms above and beyond antivirus scanning, the ability to observe the behavior of malware as it interacts with the network and the operating system becomes imperative. This article introduces a system for quick and nearly-automated behavioural analysis of malware.

Published

2006