Multi-Stage Delivery of Malware
Citation
M. Ramilli and M. Bishop, “Multi-Stage Delivery of Malware,” Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software pp. 91–97 (Oct. 2010).
Paper
- Published version web page, paper paywalled at IEEE Explore: [DOI] [URL]
- Authors’ final version:
- Local: [PDF] [PS]
- UC Repository: [eScholarship]
Abstract
Malware signature detectors use patterns of bytes, or variations of patterns of bytes, to detect malware attempting to enter a system. This approach assumes the signatures are both of sufficient length to identify the malware, and to distinguish it from non-malware objects entering the system. We describe a technique that can increase the difficulty of both to an arbitrary degree. This technique can exploit an optimization that many anti-virus systems use to make inserting the malware simple; fortunately, this particular exploit is easy to detect, provided the optimization is not present. We describe some experiments to test the effectiveness of this technique in evading existing signature-based malware detectors.
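The core idea in the abstract, fragmenting an object so that no single delivered stage contains a complete byte-pattern signature, can be shown with a toy detector. The following Python is an added illustration written for this page, not code from the paper or its experiments; the signatures, the payload and the two scanning policies are constructed stand-ins, and the specific anti-virus optimization the paper refers to is not named on this page, so the example simply contrasts a detector that scans each stage on arrival with one that also scans the reassembled object.

```python
from typing import Dict, List

# Constructed byte patterns standing in for detector signatures
# (placeholders for this example; they are not real AV signatures).
SIGNATURES: List[bytes] = [b"EVIL_MARKER_0xDEADBEEF", b"DROP_AND_EXEC"]

# Constructed "malicious" object: filler bytes with both markers embedded.
PAYLOAD: bytes = (
    b"MZ...benign-looking header bytes..."
    + SIGNATURES[0]
    + b"...more filler..."
    + SIGNATURES[1]
    + b"...trailer"
)


def scan(blob: bytes, signatures: List[bytes] = SIGNATURES) -> List[bytes]:
    """Naive signature detector: report every pattern found as a substring."""
    return [sig for sig in signatures if sig in blob]


def fragment(payload: bytes, signatures: List[bytes] = SIGNATURES) -> List[bytes]:
    """Split the payload into stages so no single stage holds a whole signature.

    Every occurrence of every signature is cut at its midpoint, so each
    occurrence straddles a stage boundary. Stages keep the original byte
    order, so plain concatenation restores the payload on the target.
    """
    cut_points = set()
    for sig in signatures:
        if len(sig) < 2:
            raise ValueError("a one-byte signature cannot be split across stages")
        pos = payload.find(sig)
        while pos != -1:
            cut_points.add(pos + len(sig) // 2)
            pos = payload.find(sig, pos + 1)  # also catches overlapping hits
    stages: List[bytes] = []
    prev = 0
    for cut in sorted(cut_points):
        stages.append(payload[prev:cut])
        prev = cut
    stages.append(payload[prev:])
    return stages


def reassemble(stages: List[bytes]) -> bytes:
    """Final stage on the target: join the fragments back into one object."""
    return b"".join(stages)


def scan_per_stage(stages: List[bytes]) -> Dict[int, List[bytes]]:
    """Detector that inspects each stage as it arrives but never the joined result.

    This is the policy that lets fragmentation through: no stage matches.
    """
    return {i: scan(stage) for i, stage in enumerate(stages)}


def scan_reassembled(stages: List[bytes]) -> List[bytes]:
    """Detector that also inspects the object once the stages are joined.

    Rescanning after reassembly recovers the match that per-stage scanning lost.
    """
    return scan(reassemble(stages))


if __name__ == "__main__":
    stages = fragment(PAYLOAD)
    print("whole payload hits:", scan(PAYLOAD))
    print("per-stage hits:    ", scan_per_stage(stages))
    print("reassembled hits:  ", scan_reassembled(stages))
```

Running the script shows both constructed signatures matching the intact payload, no matches on any of the three stages, and both matching again once the stages are concatenated; the number of stages is simply one more than the number of signature occurrences, which is why the abstract can say the difficulty can be raised "to an arbitrary degree".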
Bibliographic Information: [BibTeX] [RIS]
DOI: 10.1109/MALWARE.2010.5665788