A deeper look at malware - the whole story presented at Virus Bulletin 2007

by Bryan Lu (Fortinet)

Tags: Security

URL : http://www.virusbtn.com/conference/vb2007/abstracts/Lu.xml

Summary : "Despite researcher curiosities about how each and every type of malware works, the cyber world still suffers a deluge of thousands of malware samples per day. Malware packers and encoders build an outer shell for these massive malicious files in order to try and drop the detection rate. Looking at the assortment and properties of these files, rather than the files alone, could prove promising in thwarting these efforts and increasing detection rates. Unbelievable as it may seem, 'PE_Patch', the top one packer for executable files, is only 5% detected by a few anti-malware vendors. Aside from the packer, investigating the file properties, particularly size, can elaborate and expand the details of the collections. Roughly 97% of malware discovered in 2006 was below one megabyte in size. Through incorporating these two facets - packer and file size - into the design of security products, detection and performance rate are undeniably going to improve.

In such cases, deeper inspection of each piece of malware is half of the story in mitigating threats. The presentation shows how looking into a collection of malware as a whole and grouping it by its properties can add significant improvement on detection and performance. Besides being purely statistical, this may be viewed as food for refined heuristics."
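The abstract argues for treating a malware corpus as a collection, grouped by packer and by file size, rather than as isolated files. The following Python script is an added illustration of that collection-level view; it is not code from the talk or from Fortinet. The sample records (hashes, sizes, packer labels and detection flags) are constructed for the example, and the size bands, the `min_share` / `max_rate` thresholds and the function names are assumptions chosen here to show the idea, not figures from the presentation.

```python
"""Collection-level triage of a malware corpus.

Groups sample metadata by packer and by file-size band, computes the detection
rate of each group, and lists the packers whose share of the corpus is large
while their detection rate is low -- the groups where a refined heuristic
would pay off most.  All data below is constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, Hashable, List, Tuple

ONE_MIB = 1024 * 1024


@dataclass(frozen=True)
class Sample:
    sha256: str      # placeholder identifier, not a real hash
    size: int        # file size in bytes
    packer: str      # packer label from a (hypothetical) identifier; "none" if unpacked
    detected: bool   # whether the scanner under evaluation flagged the file


# Constructed sample metadata; nothing here is a real measurement.
SAMPLES: List[Sample] = [
    Sample("sha256-placeholder-01", 48_000, "PE_Patch", False),
    Sample("sha256-placeholder-02", 120_000, "PE_Patch", False),
    Sample("sha256-placeholder-03", 300_000, "PE_Patch", True),
    Sample("sha256-placeholder-04", 95_000, "PE_Patch", False),
    Sample("sha256-placeholder-05", 60_000, "UPX", True),
    Sample("sha256-placeholder-06", 210_000, "UPX", True),
    Sample("sha256-placeholder-07", 1_500_000, "UPX", True),
    Sample("sha256-placeholder-08", 30_000, "none", True),
    Sample("sha256-placeholder-09", 700_000, "none", False),
    Sample("sha256-placeholder-10", 2_200_000, "OtherPacker", True),
]

# Assumed size bands; the one-megabyte boundary follows the abstract's figure.
SIZE_BANDS: List[Tuple[int, str]] = [
    (64 * 1024, "<64KiB"),
    (256 * 1024, "64KiB-256KiB"),
    (ONE_MIB, "256KiB-1MiB"),
]


def size_band(size: int) -> str:
    """Map a byte count onto the first band whose upper limit exceeds it."""
    for limit, label in SIZE_BANDS:
        if size < limit:
            return label
    return ">=1MiB"


def detection_rate_by(samples: List[Sample],
                      key: Callable[[Sample], Hashable]) -> Dict[Hashable, Tuple[int, int, float]]:
    """Return {group: (detected, total, rate)} for the grouping given by key()."""
    counts = defaultdict(lambda: [0, 0])  # group -> [detected, total]
    for s in samples:
        bucket = counts[key(s)]
        bucket[1] += 1
        if s.detected:
            bucket[0] += 1
    return {g: (d, t, d / t) for g, (d, t) in counts.items()}


def fraction_under(samples: List[Sample], limit: int = ONE_MIB) -> float:
    """Share of the corpus strictly smaller than `limit` bytes."""
    return sum(1 for s in samples if s.size < limit) / len(samples)


def heuristic_candidates(samples: List[Sample], min_share: float = 0.10,
                         max_rate: float = 0.5) -> List[Tuple[str, float, float]]:
    """Packers covering at least min_share of the corpus with detection rate <= max_rate.

    Unpacked samples ("none") are skipped: there is no packer to write a
    heuristic for.  Result is sorted by corpus share, largest first.
    """
    total = len(samples)
    out = []
    for packer, (_, n, rate) in detection_rate_by(samples, lambda s: s.packer).items():
        share = n / total
        if packer != "none" and share >= min_share and rate <= max_rate:
            out.append((packer, share, rate))
    return sorted(out, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    print(f"samples under 1 MiB: {fraction_under(SAMPLES):.0%}")
    for packer, (d, t, rate) in detection_rate_by(SAMPLES, lambda s: s.packer).items():
        print(f"packer {packer:<12} detected {d}/{t} ({rate:.0%})")
    for band, (d, t, rate) in detection_rate_by(SAMPLES, lambda s: size_band(s.size)).items():
        print(f"band {band:<13} detected {d}/{t} ({rate:.0%})")
    print("heuristic candidates:", heuristic_candidates(SAMPLES))
```

In a real deployment the `packer` field would come from a packer identifier run over the collection and `detected` from the scanner being evaluated; the aggregation itself does not change. The point the output makes is the abstract's: a packer that dominates the corpus but is rarely caught, or a size band that carries most of the samples, is where a single heuristic yields the largest detection gain per unit of scanning cost.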