Bibliographical Reference
In learning about surreptitious code, specifically malware code, I wanted to learn more about how to detect hidden, secret, or misleading malware on a system and how to remove or even prevent it. The article of choice was “Causality reasoning about network events for detecting stealthy malware activities” by Hao Zhang, Danfeng Yao, Naren Ramakrishnan and Zhibin Zhang. The article was published in the Computers & Security Journal, Issue 58 in 2016, pages 180 to 198.
Objectives
The authors of this article stated that the purpose of the article was to describe methods of detecting clandestine malware using behavior- and signature-based methods. The authors:
• Introduced a network-request-level causal analysis for malware
et al., 2016, p. 180). Malware creators get paid if their software is installed and runs, so newer malware has to overcome, evade, and fool the anti-malware software that it might come up against. Thus more and more modern malware is being created to be installed surreptitiously and then run clandestinely. The authors attribute the malware being harder to detect to the fact that modern security solutions rely on the ability to recognize known code and signatures.
This article was the summary of research conducted in order to introduce a network-request-level causal analysis for malware detection (Zhang, H. et al., 2016, p. 181). The major premise of the article was that the authors propose the use of algorithms to search for and monitor triggering events. Network requests that were not caused by a user action were referred to as vagabond requests (Zhang, H. et al., 2016, p. 183). Events that occurred without a legitimate cause in a user interaction, request or initiation were viewed suspiciously as possible malware activity (Zhang, H. et al., 2016, p. 183). Examples given were DNS requests issued without the user requesting them, or information being sent to a site without authorized initiation.
The next step was to formulate the problem of triggering relation discovery (TRD) in network requests (Zhang, H. et al., 2016, p. 184). The two lines of thought are to use “rule-based” discovery detection and “learning-based” discovery detection as the means to record and evaluate
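As an added illustration of the rule-based side of triggering relation discovery (example code written for this summary, not the authors' implementation), the script below links each outgoing request either to a user action within a short window or to an earlier request that was itself triggered, and reports the remainder as vagabond requests. The event lists, the window size and the hostnames are constructed for the example.

```python
# Simplified rule-based triggering relation discovery (TRD).
# A request is "triggered" when a user action (click/keystroke) precedes it
# within WINDOW seconds, or when its parent request (e.g. the DNS lookup or
# referrer page that caused it) was itself triggered shortly before.
# Anything left unlinked is a vagabond request worth investigating.

WINDOW = 2.0  # seconds; constructed threshold, not a value from the paper

# Constructed sample data: timestamps (s) of user actions on one host.
USER_EVENTS = [0.0, 30.0]

# Constructed sample requests: (time, kind, target, parent_target or None).
REQUESTS = [
    (0.2, "dns", "news.example", None),                 # right after a click
    (0.4, "http", "news.example", "news.example"),      # follows its DNS lookup
    (0.9, "http", "cdn.example", "news.example"),       # embedded resource
    (2.5, "http", "img.example", "cdn.example"),        # chained via cdn.example
    (12.0, "dns", "update.example.invalid", None),      # no user action nearby
    (12.3, "http", "update.example.invalid", "update.example.invalid"),
    (30.1, "http", "mail.example", None),               # right after a click
]


def find_vagabonds(user_events, requests, window=WINDOW):
    """Return (time, kind, target) for every request with no triggering root."""
    triggered = []   # requests already linked (directly or by chain) to a user action
    vagabonds = []
    for t, kind, target, parent in sorted(requests, key=lambda r: r[0]):
        # Rule 1: a user action shortly before the request explains it.
        user_root = any(0 <= t - u <= window for u in user_events)
        # Rule 2: a triggered parent request shortly before it explains it,
        # so a chain click -> DNS -> page -> embedded resource stays benign.
        parent_ok = parent is not None and any(
            p[2] == parent and 0 <= t - p[0] <= window for p in triggered
        )
        if user_root or parent_ok:
            triggered.append((t, kind, target, parent))
        else:
            vagabonds.append((t, kind, target))
    return vagabonds


if __name__ == "__main__":
    for t, kind, target in find_vagabonds(USER_EVENTS, REQUESTS):
        print(f"vagabond request at t={t:5.1f}s: {kind:4s} {target}")
```

Note that the second request to update.example.invalid is flagged even though it has a parent, because its parent was itself unexplained; the learning-based variant the authors describe would replace the fixed window and explicit parent field with relations learned from benign traffic.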
Adversarial managed infrastructure Command & Control (C2) – utilizing a managed infrastructure (IPs, domains, applications) to maintain communications with implanted malware
Ralph Langner’s article on the Stuxnet worm discusses the hardware, distribution and targets of the attack. He also goes into detail regarding the outlook of future attacks and what we can do to prevent them.
Ever since the tragic terrorist attacks of September 11, 2001, the media’s top priority every day has been covering any and all terrorism. By all accounts, 9/11 remains the single most deadly attack ever on American soil; however, terror attacks have declined over the last twenty years. Despite the decline in terror activity, media coverage continues at an all-time high. Thus, every major news entity worldwide continually provides around-the-clock terrorism coverage. Deadly carnage streams on a constant loop; gruesome amputations and gunshot wounds appear on TVs around the world. The grotesque footage desensitizes millions of people and promotes, and in a way glamorizes, terrorism. The TV coverage causes widespread fear, panic, and
Malware, or “malicious software”, has taken different forms and names for years. Spyware and viruses are just a few of the common titles attributed to this devastating means of cyber attack, the main purpose of which is ultimately to compromise a rival's computer infrastructure. State-sponsored attacks have typically been perpetrated by means of malware. Spear-phishing is one particularly popular means of delivering malware, whereby a target is fooled into opening a corrupted email or file, only to unwittingly download a compromising piece of malware onto their computer (XX). Once this malware is installed, control of the computer is placed in the hands of the hacker, allowing them to hack other networks while proving impossible to track down (XX18). China has been a prime culprit for spear-phishing attacks, often following current events to target respective dignitaries. For instance, the 2010 G20 Summit saw thousands of spear-phishing campaigns against officials, with email titles labelled in relation to the Summit itself (XX). Countless departments, institutions, and governments have fallen victim to spear-phishing campaigns, at the cost of millions of dollars and priceless information
Malware is a class of malicious code that incorporates viruses, worms, and Trojan horses. Specialized communication tools are used by destructive malware in order to spread. Malware can be distributed by means of email and text messages, Trojan horses dropped from web sites, and virus-infected files obtained from peer-to-peer connections. Malware looks for existing flaws and loopholes in the system architecture to make a quiet and simple entrance.
Explains what a botnet is, how it is created and used, and the amount and types of data that can be collected over time. The share of known botnets that antivirus software is able to track or monitor is reported to be very low. One of the basic principles is almost a “throw everything at it and see what sticks” mentality, in that developers will deploy a botnet by embedding it in a quasi-convincing spam message and hoping the reader is careless enough to click on the link (Mittleman 67).
The Internet is a worldwide communications system that allows millions of computers to exchange information.
Lawton, G. (2008). Is it finally time to worry about mobile malware? Computer, 41(5), 12-14.
By the year 2016, investments in online security are expected to reach $86bn (Contu et al., 2012). Although this might seem a large sum of money, it is considered necessary since there is an increase in online risks from all over the world. Professional hackers develop malware on a global scale and on a 24/7 basis. Hackers have five objectives when spreading malware over the Internet: to infect/distribute, to steal, to persist, to control, and to gather intelligence (Morris, 2010).
Cybercrime has become a fast-growing concern for the 21st century as businesses, institutions and individuals grow into an interconnected web of computer networks. Online business transactions, along with the sharing of personal information, are vulnerable to a host of disasters that can wreak economic and social havoc. Some sources say that today cybercrime costs society more than $1.0 trillion; Global Industry Analysts, Inc. forecasted the world cyber security market to reach $80 billion by 2017 (Gale, 2011).
Sikorski & Honig (2012) explain that when carrying out malware analysis and detection, only the malware executable is present, which is usually not in a human-readable form. A variety of tools and techniques need to be employed to ensure that the underlying information is revealed. The two basic approaches to malware analysis and detection are static analysis (observing the malware without running it) and dynamic analysis (running the malware). Each can be done either in a basic form or in more advanced ways.
Detectable traces of attacks are left on the system that is compromised. The checksum of a malicious file or the existence of a particular service can be methods for discovering evidence of a particular
As mentioned before, current behavior-based mobile malware detection approaches can mostly be categorized into two main groups: client-side and server-side detection. The client-side detection approaches run locally and apply anomaly methods to the set of features which indicate the state of the app. pBMDS (Xie et al., 2010) is based on correlating user inputs with system calls to detect anomalous activities. A Hidden Markov Model (HMM) is used to learn application and user behaviors from two major aspects: process state transitions and user operational patterns. Built upon these two aspects, pBMDS identifies behavioral differences between user-initiated applications and malware-compromised ones. Zhang et
The internet is a medium that is becoming progressively more important as it makes information available in a quick and easy manner. It has transformed communications and acts as a global network that allows people to communicate and interact without being limited by time, borders and distance. However, the infrastructure is vulnerable to hackers who use the system to commit cyber crime. To accomplish this, they make use of innovative stealth techniques for their malicious purposes on the internet.
Not only is malware becoming more difficult to deobfuscate, but it's also utilizing new functions that are difficult to detect by these means. Therefore, anti-malware researchers should focus on other forms of detection such as CPU analyzers, holography, eigenvirus detection, differential fault analysis, the growing grapes method, and whitelist protection.