
Are Current Antivirus Programs Able to Detect Complex Metamorphic Malware? an Empirical Evaluation


Executive Summary

In this paper, the authors present the design of a metamorphic engine representing a type of hurdle that antivirus systems need to get over in their fight against malware. First they describe the two steps of the engine's replication process: obfuscation and modeling. Then they apply this engine to a real worm to evaluate the detection capabilities of current antivirus products. This assessment leads to a classification of detection tools, based on their observable behavior, into two main categories: the first, relying on static detection techniques, shows low detection rates obtained by heuristic analysis; the second, composed of dynamic detection programs, focuses only on elementary suspicious actions.

  • Format: PDF
  • Size: 941 KB