Coding Malware in Fancy Programming Languages for Fun and Profit
By: Theodoros Apostolopoulos , Vasilios Koutsokostas , Nikolaos Totosis and more
Potential Business Impact:
Makes antivirus miss hidden computer viruses.
The continuous increase in malware samples, both in sophistication and number, presents many challenges for organizations and analysts, who must cope with thousands of new heterogeneous samples daily. This requires robust methods to quickly determine whether a file is malicious. Due to its speed and efficiency, static analysis is the first line of defense. In this work, we illustrate how the practical state-of-the-art methods used by antivirus solutions may fail to detect evident malware traces. The reason is that they depend heavily on very strict signatures, where minor deviations prevent them from detecting shellcodes that would otherwise be flagged as malicious immediately. Thus, our findings illustrate that malware authors may drastically reduce detection rates by porting their code base to less-used programming languages. To this end, we study the features that such programming languages introduce into executables and the practical issues that arise for practitioners trying to detect malicious activity.