

Talks and poster presentations (with proceedings entry):

C. Kolbitsch, E. Kirda, C. Krügel:
"The Power of Procrastination: Detection and Mitigation of Execution-Stalling Malicious Code";
Talk: ACM Conference on Computer and Communications Security (CCS), Chicago; 17.10.2011 - 21.10.2011; in: "Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS)", ACM, (2011).



Abstract (English):
Malware continues to remain one of the most important security problems on the Internet today. Whenever an anti-malware solution becomes popular, malware authors typically react promptly and modify their programs to evade defense mechanisms. For example, recently, malware authors have increasingly started to create malicious code that can evade dynamic analysis.
One recent form of evasion against dynamic analysis systems is stalling code. Stalling code is typically executed before any malicious behavior. The attacker's aim is to delay the execution of the malicious activity long enough so that an automated dynamic analysis system fails to extract the interesting malicious behavior. This paper presents the first approach to detect and mitigate malicious stalling code, and to ensure forward progress within the amount of time allocated for the analysis of a sample. Experimental results show that our system, called HASTEN, works well in practice, and that it is able to detect additional malicious behavior in real-world malware samples.

Keywords:
Malware Analysis, Evasion, Emulation


Electronic version of the publication:
http://publik.tuwien.ac.at/files/PubDat_204777.pdf



Associated projects:
Project lead Christian Platzer:
A European Network of Excellence in Managing Threats and Vulnerabilities in the Future Internet: Europe for the World

Project lead Gilbert Wondracek:
TRUDIE - Trust Relationships in Underground IT Economies


Generated from the publication database of the Technische Universität Wien.