
Modern Malware is Good at Hiding, Researchers Say

Source: Tom's Guide US

LAS VEGAS — A security researcher identifies a program that might be malware. Like a police officer interrogating a suspect, the researcher starts to analyze the program, looking for evidence of malicious activity. But like a tight-lipped suspect, malware is getting better at resisting interrogation.

At the Black Hat security conference in Las Vegas, Nevada (August 6), Intel researchers Rodrigo Branco and Gabriel Negreira Barbosa presented their analysis of 12 million malware samples, showing that malware is getting better at making life harder for the people trying to detect and fight it.


In their talk, an update to their 2012 report on the same subject, Branco and Barbosa ran through several techniques found in modern malware that are designed to resist researcher analysis.  

For example, some malware samples showed an increased ability to detect whether they were being run on a virtual machine (VM). Researchers often let malware run inside a virtual machine, an isolated environment where the malware can't do any real damage and its behavior can be observed safely. Malware equipped with anti-VM techniques can tell when it is running on a virtual machine and, if so, simply refuses to run, so the analyst sees nothing worth recording.

Virtual machines aren't the only researcher tools that malware is targeting. Branco and Barbosa also found an increase in malware with anti-disassembly and anti-debugger features. A disassembler lets researchers view the malware's code, and a debugger lets them step through that code to understand what a specific instruction does.

Both are also essential weapons in a malware researcher's arsenal. But malware is getting better at making it hard for researchers to deploy these tools.

Ironically, the techniques malware uses to hide itself can be used to identify it. Branco and Barbosa have developed an anti-malware approach that searches samples for these evasion techniques: a program that goes out of its way to check for a debugger or a hypervisor is itself behaving suspiciously, whether or not its payload has been seen before.
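The following Python script is an added illustration of that idea and is not the researchers' tool. It triages a file's raw bytes for well-known anti-debugging API names, hypervisor artifact strings (the anti-VM checks described above) and the CPUID/RDTSC opcodes that fingerprint the CPU, then scores the sample. The indicator catalogue and the two sample byte strings are constructed for the example; a real catalogue would be far larger.

```python
"""Triage scanner: flag samples that stack well-known analysis-evasion indicators."""

# Indicator catalogue. Assumption: a small hand-picked subset of the public
# anti-analysis tricks the article mentions; it is not the researchers' list.
INDICATORS = {
    # Imported Win32 API names commonly used to detect an attached debugger.
    "anti-debug": [b"IsDebuggerPresent", b"CheckRemoteDebuggerPresent",
                   b"NtQueryInformationProcess", b"OutputDebugStringA"],
    # Strings naming hypervisor vendors or guest-tools processes.
    "anti-vm": [b"VMware", b"VirtualBox", b"QEMU", b"Xen",
                b"vmtoolsd.exe", b"VBoxService.exe"],
}

# Raw x86 opcodes that fingerprint the CPU or hypervisor: CPUID (0F A2) and
# RDTSC (0F 31). Both occur in plenty of benign code, so they only count
# when the sample also carries at least one string indicator.
OPCODES = {"cpuid": b"\x0f\xa2", "rdtsc": b"\x0f\x31"}


def scan(sample: bytes) -> dict:
    """Return the indicators found per category and a numeric score."""
    lowered = sample.lower()  # case-insensitive string matching
    hits = {}
    for category, needles in INDICATORS.items():
        found = [n.decode() for n in needles if n.lower() in lowered]
        if found:
            hits[category] = found
    score = sum(len(v) for v in hits.values())

    opcodes = [name for name, code in OPCODES.items() if code in sample]
    if hits and opcodes:  # opcodes corroborate, they never trigger alone
        hits["opcodes"] = opcodes
        score += len(opcodes)
    return {"hits": hits, "score": score}


def is_evasive(sample: bytes, threshold: int = 2) -> bool:
    """Flag a sample for analyst review once it stacks evasion indicators."""
    return scan(sample)["score"] >= threshold


# Constructed stand-ins for file contents (not real malware): a benign
# program's import names and strings, and a sample that looks for a debugger
# and for VMware/VirtualBox guest tools before doing anything else.
BENIGN = (b"MZ\x90\x00kernel32.dll\x00CreateFileA\x00WriteFile\x00"
          b"Hello, world\x00")
EVASIVE = (b"MZ\x90\x00kernel32.dll\x00IsDebuggerPresent\x00"
           b"CheckRemoteDebuggerPresent\x00VMware\x00VBoxService.exe\x00"
           b"\x0f\xa2\x0f\x31")

if __name__ == "__main__":
    for name, data in (("benign", BENIGN), ("evasive", EVASIVE)):
        report = scan(data)
        print(f"{name}: score={report['score']} flagged={is_evasive(data)}")
        for category, found in report["hits"].items():
            print(f"  {category}: {', '.join(found)}")
```

The score is a triage signal, not a verdict: legitimate software such as virtualization guest tools, debuggers and copy-protection wrappers matches these same indicators, which is why the threshold and the corroboration rule for opcodes exist, and why a hit should route a sample to an analyst rather than straight to a block list.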

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.

Discuss
  • coolitic, August 7, 2014 2:55 PM (0)
    Captain Obvious anyone?
  • anxiousinfusion, August 7, 2014 11:17 PM (1)
    And the article ends just like that. They don't go on to talk about their new developments?
  • knowom, August 8, 2014 2:29 AM (0)
    Great article, it's about as good as the ending to a crappy movie that doesn't really have one.
  • sharkyh20, August 8, 2014 2:34 AM (0)
    They get paid for this? *Clears throat* 'My studies show something needs to be done about malware'. Do I get Intel Dollars now?
  • virtualban, August 8, 2014 2:47 AM (0)
    I wonder what the malware will do when it infects Skynet. Or is Skynet the malware?
  • Andy Chow, August 8, 2014 8:05 AM (0)
    Good thing I run Windows in a virtual machine, lol.