Polymorphic malware booming

Tries to outfox anti-virus emulators.

Instances of polymorphic malware have significantly increased this month, according to Symantec.

The vendor said that in July 23.7 per cent of all malicious email-borne malware was characterised as aggressive strains of generic polymorphic malware.

In September this rocketed to 72 per cent as cyber criminals adopted a variety of more sophisticated techniques, such as sending emails purporting to be from a smart printer/scanner and forwarded by a colleague.

“The most recent attacks in the report are email-based, in the form of attachments disguised with some interesting social engineering,” said Paul Wood, senior intelligence analyst at Symantec.cloud.

“The anti-virus industry's response to (server side) polymorphic malware has been the use of behavioural analysis in a virtual sandbox. This allows the code to be run in a tightly controlled environment where the anti-virus software can perform some analysis of its functionality.

“However, the new malware includes ways that attempt to defeat these emulators, including changing the start-up code in every version, subtly changing the structure to make it harder for emulators to identify it as malicious.”

Wood said anti-virus technology cannot rely solely on heuristics and signatures to defend against attacks, and must take into account the integrity of the executable based on knowledge of its reputation and distribution in the wild.
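As an added illustration of the reputation-and-distribution point above (example code written for this page, not Symantec's or the article's own), the following Python scores constructed email-attachment telemetry: every polymorphic variant carries a fresh hash, so prevalence across hosts stays low while the printer/scanner lure subject repeats. The record layout, the lure terms and the extension list are assumptions.

```python
# Added example, not from the article: a prevalence-plus-lure check over
# constructed attachment telemetry. A hash seen on only one host, arriving
# as a "scanned document" in an executable-capable wrapper, warrants review.
from collections import defaultdict

# Constructed sample records: (message_id, subject, attachment, sha256, host).
# The hash values are placeholders, not real indicators.
RECORDS = [
    ("m1", "Scanned image from MX-2600N", "Scan_0931.zip", "h-a1", "host-01"),
    ("m2", "Fwd: Scanned image from MX-2600N", "Scan_0932.zip", "h-b2", "host-07"),
    ("m3", "Scan from Xerox WorkCentre", "Document.zip", "h-c3", "host-12"),
    ("m4", "Q3 expenses", "expenses.xlsx", "h-d4", "host-01"),
    ("m5", "Q3 expenses", "expenses.xlsx", "h-d4", "host-03"),
    ("m6", "Q3 expenses", "expenses.xlsx", "h-d4", "host-07"),
    ("m7", "Company newsletter", "news.pdf", "h-e5", "host-02"),
]

# Attachment types that can carry or wrap executables (assumed policy list).
EXECUTABLE_EXT = (".zip", ".exe", ".scr", ".js")
# Subject fragments typical of the printer/scanner lure the article describes.
SCANNER_LURE_TERMS = ("scanned image", "scan from", "scanned document")


def prevalence_by_hash(records):
    """Number of distinct hosts on which each attachment hash was seen."""
    hosts = defaultdict(set)
    for _, _, _, sha256, host in records:
        hosts[sha256].add(host)
    return {h: len(seen) for h, seen in hosts.items()}


def is_scanner_lure(subject):
    s = subject.lower()
    return any(term in s for term in SCANNER_LURE_TERMS)


def flag_suspicious(records, min_prevalence=3, threshold=2):
    """Return {message_id: [reasons]} for attachments scoring >= threshold."""
    prev = prevalence_by_hash(records)
    flagged = {}
    for msg_id, subject, name, sha256, _ in records:
        reasons = []
        if name.lower().endswith(EXECUTABLE_EXT):
            reasons.append("executable-capable attachment")
        if prev[sha256] < min_prevalence:
            reasons.append(f"low prevalence: {prev[sha256]} host(s)")
        if is_scanner_lure(subject):
            reasons.append("printer/scanner lure subject")
        if len(reasons) >= threshold:
            flagged[msg_id] = reasons
    return flagged
```

Running `flag_suspicious(RECORDS)` flags only m1, m2 and m3; the widely distributed spreadsheet and the one-off PDF each fall below the threshold.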

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition