If Flashback is an indication of the future, and automation can no longer cull the onslaught of files to analyze, then antivirus companies could see their costs skyrocket.
"From our perspective, we analyze hundreds of thousands of samples per day," says Dean De Beer, chief technology officer of ThreatGRID, a malware-analysis services firm. "Now they are throwing this curveball, and we have to sit back and say, 'What do we need to do in order to ensure that we can collect the sample?' "
Antivirus firms could attempt to foil such malware by creating a virtual machine that appears identical to the victim's system. But this could raise privacy concerns among users. To make the analysis more difficult, malware authors could create functions that interpret commands from the command-and-control servers using a key created from information about the computer's network location. Known as instruction-set localization, the technique would make commands meant for a machine based in San Francisco unrecognizable to a machine based in Boston.
Antivirus firms hope that Royal keeps the discussion at a high level to avoid giving attackers precise advice on how to improve their ability to lock malware to infected machines. "Flashback was a pain," says Schouwenberg. "If the talk is on how to make this very easy for the attacker, then I am not looking forward to that."
Royal hopes the presentation serves as a warning that defenders need to solve this problem quickly. "This presentation is not a reason to throw away your malware analysis tools," he says. "It is supposed to be a warning. We all need to prepare."