Impeding automated malware analysis with environment-sensitive malware

  • Authors:
  • Chengyu Song;Paul Royal;Wenke Lee

  • Affiliations:
  • Georgia Institute of Technology;Georgia Institute of Technology;Georgia Institute of Technology

  • Venue:
  • HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
  • Year:
  • 2012

Quantified Score

Hi-index 0.00

Visualization

Abstract

To solve the scalability problem introduced by the exponential growth of malware, numerous automated malware analysis techniques have been developed. Unfortunately, all of these approaches make previously unaddressed assumptions that manifest as weaknesses to the tenability of the automated malware analysis process. To highlight this concern, we developed two obfuscation techniques that make the successful execution of a malware sample dependent on the unique properties of the original host it infects. To reinforce the potential for malware authors to leverage this type of analysis resistance, we discuss the Flashback botnet's use of a similar technique to prevent the automated analysis of its samples.