Sabre Security's research provides some interesting metrics on a trend that has been evident for some years now.
Inevitably, reusable code, in whatever form, is abundant in all software development environments. Malware is no different in this respect. Indeed, many of the tasks that malware relies on for infection, propagation and persistence are highly complex. Reusing proven code allows malware companies to shorten their time to market and improves the quality and consistency of their new creations. It also provides a framework which allows these companies/organizations to easily create random morphs/variations by wrapping their common code inside easily generated/varied wrappers.
We already use common malicious code recognition, Dynamic Code Translation and Emulation as key technologies to more easily and accurately detect morphs/variations, extracts or mutations of known malicious code structures or objects. These techniques have proved successful in tracking mutations of specific malware groups where common code was used across more than 20,000 unique malware objects.
Mel Morris
CEO
Prevx
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/200/951#951