SecurityWeek

Malware & Threats

How to Identify Malware in a Blink

When a new disease surfaces among humans or animals, the first thing we notice are the patterns of spread – not the structure of its DNA.  

Let me use a few examples to explain what I mean. Take two random and unknown diseases, and say that you notice that almost everybody with the first disease was in contact with another infected person, while almost everybody with the second one ate spinach very recently. You already know something about these two diseases' patterns of spread, don't you?


Take the first disease now. Everybody who got it became ill three to five days after the infected person they know became ill, and everybody who got it kissed somebody who also got it. You know something about the incubation time and the way the disease transmits now, right? 


It may take months after people already know how to minimize their risk of becoming infected before pharmaceutical companies have succeeded in understanding the structure of the virus or bacterium and started to develop a cure.


Why do we treat malware epidemics as if we were pharmaceutical companies?



To deal with malware epidemics, we build honeypots, collect potentially malicious code, observe the code execute in sandboxes, and try to reverse-engineer the code. Why do we not simply observe how it spreads?


Time for some examples again. Say that we have inferred that some collection of machines is infected. (We may know because we observed anomalous or criminal behavior, or because we ran a software-based attestation method.)


Say that the infected devices are mostly in geographical proximity of each other. Could it be a Bluetooth virus? Or say that the device owners are unusually tightly connected over social networks. Maybe it spreads using email or MMS? Does the infection spread like wildfire? Maybe not a Trojan then! All infected devices run the same version of the same operating system. What does that tell us?


Once we have classified the problem, we are halfway there. We know where countermeasures need to be applied. 


A Bluetooth virus needs a patch – but only for devices in the affected area. Malware propagated by MMS can be slowed down by filtering or delaying suspect messages. Trojans can be fought using cloud-based whitelisting and blacklisting methods. And if we know the operating system and version, we know something about the vulnerability. 
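The triage described above (infer the infected set, look at how the infections are distributed in space, across social contacts, over time and across platforms, then map each pattern to a countermeasure) can be written down as a small script. The following is an added example, not code from the column or its author: the fleet, coordinates, contact lists, infection times and every threshold are constructed assumptions, and the hypothesis labels are only illustrative starting points for an analyst, not a verdict.

```python
# Epidemiological triage of an inferred infection set (added example, not from the column).
# Hosts, contacts, coordinates, infection times and thresholds are all constructed.
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from itertools import combinations
from math import asin, cos, radians, sin, sqrt
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class Host:
    host_id: str
    os_version: str
    lat: float
    lon: float
    infected_at: Optional[float]       # hours since the observation window opened; None = clean
    contacts: frozenset = frozenset()  # host_ids this device exchanges messages with


def haversine_km(a: Host, b: Host) -> float:
    """Great-circle distance between two hosts in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def spread_signals(fleet: list[Host]) -> dict:
    """Summarise HOW the infection spread, without looking at the malware itself."""
    infected = [h for h in fleet if h.infected_at is not None]
    if len(infected) < 2:
        raise ValueError("need at least two infected hosts to talk about spread")
    infected_ids = {h.host_id for h in infected}
    # Geographic proximity: median pairwise distance between infected devices.
    median_km = median(haversine_km(a, b) for a, b in combinations(infected, 2))
    # Social connectivity: share of infected hosts that talk to another infected host.
    linked = sum(1 for h in infected if h.contacts & infected_ids) / len(infected)
    # Speed: new infections per hour across the observed window (at least one hour).
    times = sorted(h.infected_at for h in infected)
    window = max(times[-1] - times[0], 1.0)
    per_hour = (len(times) - 1) / window
    # Platform homogeneity: share of infected hosts on the most common OS version.
    top_os, top_count = Counter(h.os_version for h in infected).most_common(1)[0]
    return {
        "median_km": median_km,
        "social_link_share": linked,
        "infections_per_hour": per_hour,
        "top_os": top_os,
        "top_os_share": top_count / len(infected),
    }


# Thresholds are illustrative assumptions chosen for this example, not values from the column.
def classify(signals: dict) -> list[tuple[str, str]]:
    """Map spread signals to (hypothesis, countermeasure) pairs for an analyst to check."""
    hypotheses = []
    if signals["median_km"] < 1.0:
        hypotheses.append(("proximity vector, e.g. Bluetooth",
                           "patch devices in the affected area first"))
    if signals["social_link_share"] >= 0.6:
        hypotheses.append(("messaging vector, e.g. email or MMS",
                           "filter or delay suspect messages between infected contacts"))
    if signals["infections_per_hour"] >= 2.0:
        hypotheses.append(("self-propagating worm (spreads like wildfire)",
                           "block the propagation channel while the patch is prepared"))
    else:
        hypotheses.append(("Trojan-like, user-driven installs",
                           "cloud-based whitelisting/blacklisting of installed code"))
    if signals["top_os_share"] >= 0.9:
        hypotheses.append((f"vulnerability specific to {signals['top_os']}",
                           f"prioritise the patch for {signals['top_os']}"))
    return hypotheses


# Constructed fleet: six infected phones within a few hundred metres of each other,
# all on the same OS build, infected within two hours; two clean hosts elsewhere.
FLEET = [
    Host("p1", "OS 4.2", 59.3293, 18.0686, 0.0, frozenset({"p2", "p3"})),
    Host("p2", "OS 4.2", 59.3301, 18.0690, 0.5, frozenset({"p1"})),
    Host("p3", "OS 4.2", 59.3288, 18.0701, 1.0, frozenset({"p1", "p5"})),
    Host("p4", "OS 4.2", 59.3297, 18.0677, 1.25, frozenset()),
    Host("p5", "OS 4.2", 59.3305, 18.0695, 1.5, frozenset({"p3"})),
    Host("p6", "OS 4.2", 59.3290, 18.0683, 2.0, frozenset({"p8"})),
    Host("p7", "OS 3.9", 48.8566, 2.3522, None, frozenset({"p1"})),
    Host("p8", "OS 4.2", 51.5074, -0.1278, None, frozenset({"p6"})),
]

if __name__ == "__main__":
    s = spread_signals(FLEET)
    for k, v in s.items():
        print(f"{k:20} {v}")
    for hypothesis, action in classify(s):
        print(f"- {hypothesis}: {action}")
```

On the constructed fleet the script reports a tight geographic cluster, two thirds of infected hosts in contact with another infected host, 2.5 new infections per hour and a single OS build, so it suggests proximity, messaging and worm-like hypotheses plus an OS-specific patch. The point of the design is that none of the four signals needs a sample of the malware; they come from the same inventory and telemetry a defender already has, which is what makes them usable in the first hours of an outbreak.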


The faster we can react to outbreaks, the better off we are. As the pace of malware evolution increases, we need to keep up. If we do not, we are asking for trouble. 


Related Column By Markus Jakobsson: Looking for Malware in All the Wrong Places
