Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, February 25, 2013

The security threat of evasive malware

Lastline has released a new report that looks at how malware authors are able to exploit the limited visibility of automated malware analysis systems (sandboxes) and ensure that targeted attacks and zero day exploits remain successful. While environmental checks have been well documented, stalling code is the latest technique being utilized to spread malware.  It delays the execution of a malicious code inside a sandbox and instead performs a computation that appears legitimate.

The report finds that stalling codes are particularly troublesome because they “can no longer be handled by traditional sandboxes (even if the trick is known).”

“Current sandboxes have a lack of visibility into the execution of a malware program,” said Giovanni Vigna, CTO of Lastline.  “To detect this new breed of evasive threats, a sandbox needs to have visibility and must be able to do this stealthily.

Link: http://www.net-security.org/malware_news.php?id=2423

Posted on 02/25
ProductPermalink