Malware in the Wild: Evolving to Evade Detection

Advanced malware is behind many headline-grabbing data breaches, and untold others. It has evolved to elude detection by sensing its environment and – if anti-malware technology is detected – performing evasive maneuvers. Once it gains entry, the malware can lie dormant until the attacker chooses to strike. Malware has also developed symbiotic relationships, with one type facilitating the distribution of another type that exploits the compromised system (for example, GoZeus and Cryptolocker).

Large organizations are responding with sophisticated security tools and threat response teams. In a never-ending digital arms race, cybercriminals have responded in turn by creating malware that can detect this new generation of security tooling and essentially behave benignly or abort the mission if it is about to be caught by a scanner.

In this presentation from SXSW Interactive 2015, I discuss new insights into the evolution of this class of evasive malware based on billions of files and URLs analyzed over a period of four years. I cover challenges to detection that industry and researchers currently face as well as recent research from Lastline Labs on the prevalence of sophisticated malware that hides in the Windows Kernel.

Enjoy! (You can also download the deck I used here).

Engin Kirda

In addition to being co-founder and Chief Architect at Lastline, Dr. Engin Kirda is a Professor of Computer and Information Science at Northeastern University in Boston, and the director of the Northeastern Information Assurance Institute. Before Northeastern, Dr. Kirda held faculty positions at Institute Eurecom in the French Riviera and at the Technical University of Vienna, where he co-founded the Secure Systems Lab that is now distributed over five institutions in Europe and the US. Engin has authored or co-authored more than 110 peer-reviewed scholarly publications and has served on the program committees of numerous well-known international conferences and workshops.