Multi-Stage Delivery of Malware


M. Ramilli and M. Bishop, “Multi-Stage Delivery of Malware,” Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, pp. 91–97 (Oct. 2010).



Malware signature detectors use patterns of bytes, or variations of patterns of bytes, to detect malware attempting to enter a system. This approach assumes the signatures are both of sufficient length to identify the malware, and to distinguish it from non-malware objects entering the system. We describe a technique that can increase the difficulty of both to an arbitrary degree. This technique can exploit an optimization that many anti-virus systems use to make inserting the malware simple; fortunately, this particular exploit is easy to detect, provided the optimization is not present. We describe some experiments to test the effectiveness of this technique in evading existing signature-based malware detectors.

DOI: 10.1109/MALWARE.2010.5665788