Georgia Tech's Paul Royal has shown that a newly refined technique could make automated analysis of malware nearly impossible, and he plans to reveal his work at the upcoming Black Hat conference.
Antivirus software developers normally collect samples of malware and then use automated analysis to generate a list of several identifying characteristics. Royal's technique is a form of copy protection known as host identity-based encryption. It encrypts critical parts of a malware program with keys derived from information gleaned from the victim's system, so that the specimen cannot be decrypted, and therefore cannot be fully analyzed, on any other machine.
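The mechanism described above, as an added example that is not Royal's code and not part of the original article: a key is derived from a fingerprint of host identifiers, the protected part of the program is encrypted under that key, and the same blob fails to decrypt on a host whose identifiers differ. The set of identifiers (hostname, MAC, OS string), the two host profiles and the payload are constructed for the example; the HMAC-based stream cipher plus HMAC tag is a standard-library stand-in for whatever cipher a real implementation would use, which the article does not specify.

```python
import hashlib
import hmac
import os
import platform
import socket
import uuid

PBKDF2_ITERATIONS = 20_000  # kept low so the example runs quickly
SALT_LEN = 16
TAG_LEN = 32

# Constructed host profiles (hypothetical identifier set) so the example runs offline.
VICTIM_HOST = {"hostname": "ws-finance-07", "mac": "001a2b3c4d5e", "os": "Windows-7-6.1.7601-SP1"}
ANALYST_HOST = {"hostname": "sandbox-42", "mac": "080027aabbcc", "os": "Windows-7-6.1.7601-SP1"}

# Constructed stand-in for the "critical part" of the program that gets protected.
PAYLOAD = b"<payload that only runs on the intended host>"


def host_fingerprint(profile):
    """Canonical byte string of the identifiers the key is bound to."""
    return "|".join(f"{k}={profile[k]}" for k in sorted(profile)).encode()


def live_fingerprint():
    """Same shape, read from the machine this code actually runs on."""
    return host_fingerprint({
        "hostname": socket.gethostname(),
        "mac": f"{uuid.getnode():012x}",
        "os": platform.platform(),
    })


def derive_keys(fingerprint, salt):
    """PBKDF2 over the fingerprint; split into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", fingerprint, salt, PBKDF2_ITERATIONS, dklen=64)
    return km[:32], km[32:]


def keystream(enc_key, salt, length):
    """Counter-mode keystream built from HMAC-SHA256 (stand-in cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, salt + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def protect(payload, profile):
    """Encrypt payload under a key bound to profile. Returns salt || tag || ciphertext."""
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = derive_keys(host_fingerprint(profile), salt)
    ct = bytes(p ^ k for p, k in zip(payload, keystream(enc_key, salt, len(payload))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + tag + ct


def unprotect(blob, profile):
    """Decrypt on a host with the given profile; None if the identifiers do not match."""
    salt = blob[:SALT_LEN]
    tag = blob[SALT_LEN:SALT_LEN + TAG_LEN]
    ct = blob[SALT_LEN + TAG_LEN:]
    enc_key, mac_key = derive_keys(host_fingerprint(profile), salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong host: nothing but the loader and an opaque blob to analyze
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, salt, len(ct))))


def demo():
    """Protect for the victim, then try to open the same blob on both hosts."""
    blob = protect(PAYLOAD, VICTIM_HOST)
    return unprotect(blob, VICTIM_HOST), unprotect(blob, ANALYST_HOST)


if __name__ == "__main__":
    on_victim, on_analyst = demo()
    print("victim host  :", on_victim)
    print("analyst host :", on_analyst)
    print("this machine :", live_fingerprint())
```

Note what an analyst is left with: the identifier-collection code, the KDF and the blob, but no key. Recovery means obtaining the victim's identifier values (from the infected system, or by hooking the collection routine in a sandbox and feeding it the captured values), which is exactly the per-sample manual step that defeats bulk automated processing.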
Royal's technique could prevent security companies from automatically processing large volumes of files, damaging their ability to keep up with attackers.
"For the antivirus model, this significantly complicates taking the fire hose quantity of malware and weaning it down into a subset that can be practicably analyzed by a human analyst," Royal says.
His presentation at the Black Hat conference could serve as a warning that defenders need to solve this problem quickly.
From Technology Review
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA