What are some techniques used by malware developers that enable them to disguise their codes to prevent them from being analyzed?

Introduction 

Some techniques which are being used by various malware developers are awareness of environment, automated tool for confusing system, invasion on basis of time, obfuscating of internal data. Security developers round the globe are coming up with new methods and techniques which can easily tackle the threats related to techniques.

Discussion

The most four common type of malware techniques which are used by malware developers which distinguish their codes from being analyzed are environment awareness, confusing automated tool, time based invasion, obfuscating of internal data (Rastogi, Chen & Jiang, 2013). Environmental awareness is to detect the runtime environment of the system which the user wants to infect. This particular type of behavior allows the malware to have a difference between virtualized and existing environment. Many researchers make use of Carbanak malware which is used for detection of virtual sandbox before having proper execution.  The second tool is confusing automated tool which does not allow the malware to be easily detected by various technologies of software like signature base antivirus software (Truong, 2014). Security researchers provide response by making an analysis of the difference of working performance between virtual and real environment. Time base invasion is the third most common type of technique used for invasion.  This type of code is generally used by various malware for running at times or using by action which can be easily taken by the user (Rastogi, Chen & Jiang, 2014). This method is inclusive of opening of window which is followed by initial action taken by user. Black POS malware is the most devastating type of malware still known. This type of code ensures that codes will run every time when the windows make a startup. The fourth technique used by malware developer is obfuscating internal data. This particular technique is used by malware to run various codes which cannot be easily detected by having a proper checking of the system. API names with values which are hashed and make use of tables for having certain process form being used by C&C server which contain 443 port which encrypts the traffic. All the modification makes it difficult for the system to analyze the malicious nature of ROM. In today’s world malware are becoming more sophisticated tools due to its behavior (Marpaung, Sain & Lee, 2012). Various security researcher analyst is focusing to make of use of fingerprint analysis which is useful for detection of malware. In the end this malicious software challenges the professional of information security reminding them of the fact that the battle is not over. Malware must be growing in detection when the matter of anti-detection comes into action. On the contrary the security bodies are using these techniques so that they come up new methods to tackle this malicious software.

Conclusion 

From the above discussion it can be easily concluded that this report in general focus on the various techniques and methods which help them in distinguishing their codes which prevent them from being analyzed. Four techniques are environment awareness, automated tool for confusing, invasion on basis of time and obfuscating of data from internal has been discussed in details.

References 

Marpaung, J. A., Sain, M., & Lee, H. J. (2012, February). Survey on malware evasion techniques: State of the art and challenges. In Advanced Communication Technology (ICACT), 2012 14th International Conference on (pp. 744-749). IEEE.

Rastogi, V., Chen, Y., & Jiang, X. (2013, May). Droidchameleon: evaluating android anti-malware against transformation attacks. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security (pp. 329-334). ACM.

Rastogi, V., Chen, Y., & Jiang, X. (2014). Catch me if you can: Evaluating android anti-malware against transformation attacks. IEEE Transactions on Information Forensics and Security, 9(1), 99-108.

Truong, H. T. T., Lagerspetz, E., Nurmi, P., Oliner, A. J., Tarkoma, S., Asokan, N., & Bhattacharya, S. (2014, April). The company you keep: Mobile malware infection rates and inexpensive risk indicators. In Proceedings of the 23rd international conference on World wide web (pp. 39-50). ACM.