Whitepapers

  • Most Ransomware Isn't As Complex As You Might Think
    Ransomware has been widely touted as a highly dangerous, sophisticated and destructive breed of malware, but recent academic research shows many of the ransomware families in the wild today are not necessarily as sophisticated or scary as most believe.
  • Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
    The latest attacks found in the wild incorporate code that detects the presence of dynamic analysis systems and try to avoid analysis and/or detection.
  • The Threat of Evasive Malware
    The fight against malicious code is an arms race. Whenever defenders introduce novel detection techniques, attackers strive to develop new ways to bypass them.
  • Automated Detection and Mitigation of Execution-Stalling Malicious Code
    Malware continues to remain one of the most important security problems on the Internet today. Whenever an anti-malware solution becomes popular, malware authors typically react promptly and modify their programs to evade defense mechanisms.
  • Using Passive DNS Analysis to Automatically Detect Malicious Domains
    The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way mapping between domain names and their numerical identifiers. Given its fundamental role, it is not surprising that a wide variety of malicious activities involve the domain name service in one way or another.
  • Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code
    JavaScript is a browser scripting language that allows developers to create sophisticated client-side interfaces for web applications. However, JavaScript code is also used to carry out attacks against the user's browser and its extensions.
  • Analyzing and Detecting Malicious Flash Advertisements
    The amount of dynamic content on the web has been steadily increasing. Scripting languages such as JavaScript and browser extensions such as Adobe's Flash have been instrumental in creating web-based interfaces that are similar to those of traditional applications.
  • Why Anti-Virus Solutions Based on Static Signatures Are Easy to Evade
    Malicious code is an increasingly important problem that threatens the security of computer systems. The traditional line of defense against malware is composed of malware detectors such as commercial virus and spyware scanners.
  • In-Depth Analysis of Malware
    Malware analysis is the process of determining the purpose and functionality of a given malware sample (such as a virus, worm, or Trojan horse). This process is a necessary step to be able to develop effective detection techniques for malicious code.
  • Analyzing Malicious Shellcode Dynamically
    Shellcode is malicious binary code whose execution is triggered after the exploitation of a vulnerability. The automated analysis of malicious shellcode is a challenging task, since encryption and evasion techniques are often used.
  • The Holy Grail: Automatically Identifying Command and Control Connections from Bot Traffic
    A distinguishing characteristic of bots is their ability to establish a command and control (C&C) channel. The typical approach to build detection models for C&C traffic and to identify C&C endpoints (IP addresses and domains of C&C servers) is to execute a bot in a controlled environment and monitor its outgoing network connections.
  • Understanding the Hidden Economy of Fake Anti-Virus Software
    Fake antivirus (AV) programs have been utilized to defraud millions of computer users into paying as much as one hundred dollars for a phony software license. As a result, fake AV software has evolved into one of the most lucrative criminal operations on the Internet.
  • Looking Through the iFrame
    Drive-by-download attacks have become the method of choice for cyber-criminals to infect machines with malware. Previous research has focused on developing techniques to detect web sites involved in drive-by-download attacks, and on measuring their prevalence by crawling large portions of the Internet.
  • Large-Scale Detection of Malicious Web Pages
    Malicious web pages that host drive-by-download exploits have become a popular means for compromising hosts on the Internet and, subsequently, for creating large-scale botnets. In a drive-by-download exploit, an attacker embeds a malicious script (typically written in JavaScript) into a web page.
  • Dealing with Evasion in Malware Analysis by Analyzing Multiple Execution Paths
    Malicious code (or malware) is defined as software that fulfills the deliberately harmful intent of an attacker. Malware analysis is the process of determining the behavior and purpose of a given malware sample (such as a virus, worm, or Trojan horse).