Thursday, May 3, 2012

Malware Design Strategies (Part 1) - Virus Bulletin

Our paper on "Malware Design Strategies (Part 1)" just got published in the may edition of virus bulletin magazine. In this paper,  we discuss some of the different techniques that are used by present-day malware to circumvent protection mechanisms. This paper delves into some of the most widely used tactics by malware to bypass protection solutions and to detect the presence of other type of malware in the system. In part 1 of this paper, we talk about following methods

1. Detection of windows x86 emulator for running 32 bit dlls on x64 bit systems.

2. Detailed information about various tactics of VM  code detection using memory, registry, Virtual
   Machine Configuration Interface (VMCI), Media Access Control (MAC), system processes etc.
   These  methods are typically used to design anti VM code.

3 DLL injections using Asynchronous Procedure Call (APC)

4. Mutex based detection

5. Explicit run time linking to verify the presence of specific DLLs.

For complete details fetch the paper (require subscription) from -

We will be continuing our discussion in the part 2 of this paper.