Abusing File Processing in Malware Detectors for Fun and Profit

Provided by: Institute of Electrical & Electronic Engineers
Topic: Security
Format: PDF
The authors systematically describe two classes of evasion exploits against automated malware detectors. Chameleon attacks confuse the detectors' file-type inference heuristics, while werewolf attacks exploit discrepancies in format-specific file parsing between the detectors and actual operating systems and applications. These attacks do not rely on obfuscation, metamorphism, binary packing, or any other changes to malicious code. Because the attacks enable even the simplest, easily detectable viruses to evade detection, the authors argue that file processing has become the weakest link of malware defense.