TY  - CONF
JO  - Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on
TI  - Multi-stage delivery of malware
T2  - Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on
IS  -
SN  -
VO  -
SP  - 91
EP  - 97
AU  - Ramilli, M.
AU  - Bishop, M.
Y1  - 19-20 Oct. 2010
PY  - 2010
KW  - invasive software
KW  - optimisation
KW  - antivirus system
KW  - bytes pattern variation
KW  - malware multistage delivery
KW  - malware signature detector
KW  - optimization
VL  -
JA  - Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on
DOI - 10.1109/MALWARE.2010.5665788
AB  - Malware signature detectors use patterns of bytes, or variations of patterns of bytes, to detect malware attempting to enter a system. This approach assumes the signatures are both of sufficient length to identify the malware, and to distinguish it from non-malware objects entering the system. We describe a technique that can increase the difficulty of both to an arbitrary degree. This technique can exploit an optimization that many anti-virus systems use to make inserting the malware simple; fortunately, this particular exploit is easy to detect, provided the optimization is not present. We describe some experiments to test the effectiveness of this technique in evading existing signature-based malware detectors.
ER  -