Malware developer techniques
Professor’s name:
Student’s name:
Date
Introduction
Malware refers to any software designed to damage the elements of a computer network. Modern reverse engineering is applied to curb malware activity. Types of malware include encrypted, metamorphic, polymorphic and oligomorphic malware (Sari, 2019).
Malware developers are always attempting to stay ahead of anti-virus software and other intrusion detection systems (IDS). The primary responsibility of anti-virus and other security software is to locate malicious code by scanning files and transmitted data packets for patterns that correspond to established virus signatures. Polymorphic malware neutralizes this approach: because its code mutates constantly, signature-matching software cannot keep up with each new variant. Malware developers have therefore developed techniques that make old malware appear new again, which helps it evade security controls (Giuffrida et al., 2018).
Polymorphic malware
Polymorphic malware alters itself on every single execution in order to defeat signature-based detection; CryptoLocker is an example (Almgren et al., 2015).
Packers
Packers are designed to reduce the size of malware by obfuscating its contents. The most popular is UPX, although not all packers are malicious. It is not unusual for every file that uses a particular packer to be detected by one product, which results in false positives; examples of packers are UPX, ASPack and MPRESS (Sari, 2019).
Crypters
Crypters are similar to packers in that they compress executables, which makes samples difficult to reverse engineer. Crypters also employ virtual machine detectors to evade sandboxes, including those used by anti-virus products to triage samples. Examples are Lime Crypter and Cryptic (Giuffrida et al., 2018).
High-end crypters
These are purchased with cryptocurrency on the dark web. They include a custom stub generator that produces a unique stub, which decrypts and loads the real malicious code. Because the stub is unique, it is likely to evade detection and is most often used in targeted attacks; Armadillo is an example (Almgren et al., 2015).
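Packers and crypters both leave a measurable trace: compressed or encrypted bytes look close to random, so a section with Shannon entropy near the 8-bit maximum is a first-pass signal that a sample must be unpacked before static analysis. The script below is an added example (not from the essay or from any cited work) that computes per-section entropy and flags sections above a threshold. The 7.0 threshold, the section names and all sample buffers are constructed assumptions; no real binary is used.

```python
"""Entropy-based triage for packed or encrypted sections (added example)."""
import math
import random
import zlib
from collections import Counter

HIGH_ENTROPY_THRESHOLD = 7.0  # assumption: a common analyst rule of thumb, not a standard


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def classify_section(name: str, data: bytes) -> dict:
    """Triage one section-like blob: high entropy suggests packing or encryption."""
    ent = shannon_entropy(data)
    return {"section": name, "size": len(data), "entropy": round(ent, 3),
            "suspicious": ent >= HIGH_ENTROPY_THRESHOLD}


def triage(sections: dict) -> list:
    """Classify every section and return the verdicts in input order."""
    return [classify_section(name, blob) for name, blob in sections.items()]


# Constructed sample data (assumptions, not taken from any real sample).
_rng = random.Random(42)
# A toy "code" section drawn from 16 opcode-like byte values: entropy sits
# around 4 bits per byte, well under the threshold, much like real code or text.
_OPCODES = [0x90, 0x55, 0x89, 0xE5, 0x83, 0xEC, 0x8B, 0x45,
            0xC3, 0xE8, 0x00, 0x01, 0x48, 0x31, 0xC0, 0x5D]
PLAIN_CODE = bytes(_rng.choice(_OPCODES) for _ in range(16384))
# The same section after compression, standing in for what a packer stores.
PACKED_CODE = zlib.compress(PLAIN_CODE, 9)
# Pseudo-random bytes, standing in for a crypter's encrypted payload.
ENCRYPTED_CODE = bytes(_rng.getrandbits(8) for _ in range(4096))

SAMPLE_SECTIONS = {".text": PLAIN_CODE, "UPX1": PACKED_CODE, ".data": ENCRYPTED_CODE}

if __name__ == "__main__":
    for v in triage(SAMPLE_SECTIONS):
        flag = "packed/encrypted?" if v["suspicious"] else "ok"
        print(f'{v["section"]:8} {v["size"]:6d} bytes  entropy={v["entropy"]:.3f}  {flag}')
```

Entropy alone does not say which packer was used, and legitimately compressed resources also score high, so in practice the verdict is combined with other evidence (section names such as UPX0/UPX1, import-table size, known packer signatures) before a sample is sent for unpacking.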
IceFog
IceFog has been a persistent threat, mainly in South Korea and Japan, since 2011. In an IceFog attack, various malicious tools and backdoors are deployed on the victims' machines to exfiltrate data and support lateral movement. IceFog attacks rely heavily on spear-phishing e-mails that attempt to convince the victim to open a malicious website or attachment (Sari, 2019).
Downloaders/Droppers
Downloaders and droppers are not themselves malicious and may not persist on the system. A downloader typically fetches the malicious payload, often as an encrypted file, whereas a dropper carries the malicious code within itself, decrypts it and then executes it (Almgren et al., 2015).
Malware evasion techniques classification and ranking in disaster recovery documentation
Several approaches can be used to classify and rank these techniques in disaster recovery documentation.
Polymorphism
Polymorphic malware is classified and ranked on its ability to change continually and adapt its features to avoid detection. This entails malware mutation through self-propagating code that improves continuously, using encryption to hide its inner workings.
Metamorphism
Metamorphic malware is classified and ranked according to its ability to change its code and signature with every single iteration. It is ranked highest because it is considerably more advanced than polymorphic or typical malware.
Stealth
Stealth, also referred to as code armoring, covers the techniques malware developers use to avoid detection. The techniques ranked under this heading in disaster recovery documentation include anti-debugging, anti-disassembly and anti-emulation, among others.
The ability to test malware against a vast range of software architectures without extensive lab resources cannot be understated. Infected machines can now be studied and observed accurately without disturbing the malware's environment. Virtualization is not perfect, but it has raised the bar for malware developers. They can still detect various forms of virtualization, although this is becoming more complicated; this matters to virus researchers because malware developers are constantly devising better methods of obfuscating their creations (Giuffrida et al., 2018).
Conclusion
The techniques malware developers apply to disguise their code and prevent analysis include IceFog, UPX, Armadillo and eXclusive OR (XOR), among others. Malicious developers protect the encrypted code against virus-scanning strategies; as a result, a decryption engine is needed to recover it. In other cases, the payload is re-encrypted every time a worm duplicates itself and propagates across the network. To avoid detection by automated analysis systems, malware developers use two approaches: making execution depend on mouse activity, and applying the "sleep" technique to delay execution until the analysis has finished (Sari, 2019).
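The stealth techniques listed under classification (anti-debugging, anti-emulation) and the sleep and mouse-activity evasions named in the conclusion all show up as recognisable patterns in a sandbox's API call trace, which is where a defender catches them. The script below is an added example (not from the essay or from any cited work) that parses a simplified trace and flags long sleeps, repeated cursor polling, debugger checks, and the dropper pattern of executing a file the sample just wrote. The trace format (`<seq> pid=<n> api=<Name> key=value ...`), the assumption that the tracer has already resolved file handles to path names, the thresholds and the sample trace itself are all constructed; real sandboxes emit richer JSON, but the rules are the same.

```python
"""Flag sandbox-evasion and dropper behaviour in an API call trace (added example)."""
import re

LONG_SLEEP_MS = 60_000    # assumption: a single Sleep of a minute or more is suspicious
CURSOR_POLL_MIN = 5       # assumption: this many GetCursorPos calls indicates polling
DEBUG_CHECK_APIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}

# Constructed line format: "<seq> pid=<n> api=<Name> [key=value ...]"
LINE_RE = re.compile(r"^(?P<seq>\d+)\s+pid=(?P<pid>\d+)\s+api=(?P<api>\w+)(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str):
    """Parse one trace line into a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {"seq": int(m.group("seq")), "pid": int(m.group("pid")),
            "api": m.group("api"), "args": args}


def parse_trace(text: str) -> list:
    """Parse a whole trace, silently skipping malformed lines."""
    return [c for c in (parse_line(line) for line in text.splitlines()) if c]


def analyse(calls: list) -> list:
    """Return a list of finding strings in the order the evidence appears."""
    findings = []
    written = {}          # lower-cased path -> path as written by the sample
    cursor_polls = 0
    for c in calls:
        api, args = c["api"], c["args"]
        if api == "Sleep":
            ms = int(args.get("dwMilliseconds", "0"))
            if ms >= LONG_SLEEP_MS:
                findings.append(f"long_sleep:{ms}ms")
        elif api == "GetCursorPos":
            cursor_polls += 1
        elif api in DEBUG_CHECK_APIS:
            findings.append(f"debugger_check:{api}")
        elif api == "WriteFile" and "lpFileName" in args:
            # assumption: the tracer resolved the handle to a path for us
            written[args["lpFileName"].lower()] = args["lpFileName"]
        elif api == "CreateProcessW":
            target = args.get("lpApplicationName", "")
            if target.lower() in written:
                findings.append(f"dropper_exec:{written[target.lower()]}")
    if cursor_polls >= CURSOR_POLL_MIN:
        findings.append(f"cursor_polling:{cursor_polls}")
    return findings


# Constructed sample trace: a debugger check, cursor polling interleaved with
# short sleeps, one long sleep, then a file written to disk and executed.
SAMPLE_TRACE = r"""
0001 pid=4120 api=IsDebuggerPresent
0002 pid=4120 api=GetCursorPos
0003 pid=4120 api=Sleep dwMilliseconds=1000
0004 pid=4120 api=GetCursorPos
0005 pid=4120 api=Sleep dwMilliseconds=1000
0006 pid=4120 api=GetCursorPos
0007 pid=4120 api=GetCursorPos
0008 pid=4120 api=GetCursorPos
0009 pid=4120 api=Sleep dwMilliseconds=600000
0010 pid=4120 api=CreateFileW lpFileName="C:\Users\Public\update.exe"
0011 pid=4120 api=WriteFile lpFileName="C:\Users\Public\update.exe" nNumberOfBytesToWrite=184320
0012 pid=4120 api=CreateProcessW lpApplicationName="C:\Users\Public\update.exe"
"""

if __name__ == "__main__":
    for finding in analyse(parse_trace(SAMPLE_TRACE)):
        print(finding)
```

Each rule on its own produces false positives (installers also write and execute files; idle loops also poll the cursor), so the findings are meant to be scored together and used to decide which samples deserve a longer analysis run or a sandbox configured to simulate user activity, rather than as a verdict on their own.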
References
Almgren, M., Gulisano, V., & Maggi, F. (2015). Detection of intrusions and malware, and vulnerability assessment: 12th International Conference, DIMVA 2015, Milan, Italy, July 9-10, 2015, proceedings. Springer.
Giuffrida, C., Bardin, S., & Blanc, G. (2018). Detection of intrusions and malware, and vulnerability assessment: 15th International Conference, DIMVA 2018, Saclay, France, June 28–29, 2018, proceedings. Springer.
Sari, A. (2019). Applying methods of scientific inquiry into intelligence, security, and counterterrorism. IGI Global.