{"id":757,"date":"2006-05-02T00:00:00","date_gmt":"2006-05-02T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/05\/02\/malware-analysis-reveals-families-of-code\/"},"modified":"2021-12-30T11:38:06","modified_gmt":"2021-12-30T11:38:06","slug":"malware-analysis-reveals-families-of-code","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=757","title":{"rendered":"Malware analysis reveals families of code"},"content":{"rendered":"<p>A project focused on automating the process of classifying malicious software found that many programs have similar ancestors but that the names assigned by security firms don&#8217;t always highlight common code.  The project, pursued over the past few weeks by Sabre Security, used the company&#8217;s reverse engineering tool to identify the functional components in more than 200 samples of malicious code.  Using a clustering algorithm, the samples were classified into code families, forming two large clusters, three smaller ones and several pairs of siblings and outliers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The analysis discovered that several threats identified by different names among antivirus vendors are, in fact, very similar, Halvar Flake, head of researcher and founder of Sabre Security, stated in comments to his blog.<\/p>\n<p>On the other hand, Sasser.B and Sasser.D are only 68 percent similar, according to Sabre&#8217;s analysis.<\/p>\n<p>http:\/\/www.securityfocus.com\/brief\/200?ref=rss<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-757","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/757","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=757"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/757\/revisions"}],"predecessor-version":[{"id":3244,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/757\/revisions\/3244"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=757"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=757"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=757"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}