Techniques used by Malware Developers to Disguise their Code
Introduction
Every day the industry has to deal with somewhere between 300,000 and a million new malware samples. Most of them are not written from scratch: malware developers take existing strains and modify them so that the same payload looks different to the defences of the systems they target, which they achieve by changing the techniques used to disguise the code (Wallace & Webber, 2018). Executing the code in its original form would expose it to detection, since signature-based products already know what that form looks like. Developers therefore keep coming up with new techniques to get past the security controls in place, signatures included. Four of the most commonly used are obfuscating internal data, timing-based evasion, environmental awareness, and confusing automated tools (Bisson, 2015).
Body
Obfuscation is one of the techniques that has gained the most popularity. Using it, the malware developer makes the code run in a form that the security analysis system or the antivirus in place can hardly recognize, while the program still does exactly the same thing. Dead-code insertion is one such transformation: the developer adds instructions that have no effect on the result (a no-op, an addition of zero, or a pair of operations that cancel each other out), so the behaviour and overall structure are preserved but the bytes a signature would match have changed (Andrea, 2018). Register reassignment is another commonly used obfuscation technique: from one generation of the code to the next, the registers used by each instruction are swapped around consistently, so the program's logic stays the same while its encoding, and hence its signature, differs each time it is released for execution.
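The two transformations above are easiest to see on a toy machine. The following is an added example written for this page, not code from any of the cited sources or from a real malware family: a small register machine, a constructed sample program, and the dead-code insertion and register reassignment passes applied to it. The "fingerprint" stands in for a static signature, which is also the point made later about confusing signature-based tools: every generation computes the same result but hashes differently. Names such as ORIGINAL, mutate and fingerprint are assumptions of this example.

```python
import hashlib
import random

# Toy register machine (added example, not a real instruction set). Registers
# r0..r7; instructions are tuples: ("load", dst, arg_index), ("mov", dst, src),
# ("add", dst, src), ("xor", dst, src), ("nop",), ("ret", src). src is a
# register name or an integer immediate.
REGISTERS = [f"r{i}" for i in range(8)]
MASK = 0xFFFFFFFF

# Constructed sample payload: returns (a + b) ^ 0xFF for args (a, b).
ORIGINAL = [
    ("load", "r1", 0),
    ("load", "r2", 1),
    ("add", "r1", "r2"),
    ("mov", "r3", 0xFF),
    ("xor", "r1", "r3"),
    ("ret", "r1"),
]


def run(program, args):
    """Execute the program; this is the behaviour every mutation must preserve."""
    regs = dict.fromkeys(REGISTERS, 0)
    val = lambda x: regs[x] if isinstance(x, str) else x
    for ins in program:
        op = ins[0]
        if op == "load":
            regs[ins[1]] = args[ins[2]] & MASK
        elif op == "mov":
            regs[ins[1]] = val(ins[2]) & MASK
        elif op == "add":
            regs[ins[1]] = (regs[ins[1]] + val(ins[2])) & MASK
        elif op == "xor":
            regs[ins[1]] = (regs[ins[1]] ^ val(ins[2])) & MASK
        elif op == "ret":
            return val(ins[1])
        # "nop" falls through
    raise ValueError("program fell off the end without ret")


def serialize(program):
    return "\n".join(" ".join(str(x) for x in ins) for ins in program).encode()


def fingerprint(program):
    """Stand-in for a static signature: a hash over the exact instruction text."""
    return hashlib.sha256(serialize(program)).hexdigest()


def insert_dead_code(program, rng, count=3):
    """Dead-code insertion: add instructions that cannot change the result."""
    out = list(program)
    for _ in range(count):
        x, y = rng.sample(REGISTERS, 2)          # x != y, so the xor pair cancels
        junk = rng.choice([
            [("nop",)],
            [("add", x, 0)],                     # adding zero changes nothing
            [("xor", x, y), ("xor", x, y)],      # x ^= y twice restores x
        ])
        pos = rng.randrange(len(out))            # insert before some instruction,
        out[pos:pos] = junk                      # never after the final ret
    return out


def reassign_registers(program, rng):
    """Register reassignment: rename every register with one consistent permutation."""
    renamed = REGISTERS[:]
    rng.shuffle(renamed)
    mapping = dict(zip(REGISTERS, renamed))
    sub = lambda x: mapping[x] if isinstance(x, str) and x in mapping else x
    return [tuple([ins[0]] + [sub(x) for x in ins[1:]]) for ins in program]


def mutate(program, seed):
    """One new 'generation' of the code: both transformations, seeded for repeatability."""
    rng = random.Random(seed)
    return reassign_registers(insert_dead_code(program, rng), rng)


if __name__ == "__main__":
    args = (10, 20)
    print("original", fingerprint(ORIGINAL)[:16], run(ORIGINAL, args))
    for seed in range(3):
        variant = mutate(ORIGINAL, seed)
        print(f"gen {seed}  ", fingerprint(variant)[:16], run(variant, args))
```

Each generation is longer than the original and uses different registers, so a signature taken over the first sample never matches the next one, which is exactly why signature-only detection struggles with metamorphic code; behavioural detection, which looks at what the program does when run, is unaffected by either transformation.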
Timing-based evasion uses the host's timing to decide when to execute. Rather than running immediately, the malware observes the system and picks moments when it is unlikely to be noticed by the antivirus in place or by a security analyst. It may sleep for a long period so that an automated sandbox, which only runs a sample for a few minutes, times out before any malicious behaviour is shown, or it may wait for a trigger such as a date, a reboot, or an action by the user. The user's actions thus dictate the malware's behaviour: for instance, a sample may open a window following an earlier infection and then wait for the user to click or move the mouse before taking the next step, since an automated analysis environment typically provides no such interaction. Throughout, it monitors the host closely and launches as quietly as possible.
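The sleep-and-wait trick and the analyst's counter to it can be shown with a small simulation. This is an added example written for this page, not code from the cited sources: the sample sleeps, then checks whether the clock actually advanced, and a sandbox that simply patches sleep() to return at once is caught by that check, while one that also advances its virtual clock is not, but can still flag the sample by the total sleep it requested. FakeHost, RealHost, malware_decision, sandbox_verdict and the thresholds are assumptions of this example.

```python
import time

WAIT_SECONDS = 300   # the sample wants to outlast a typical sandbox run budget
SLEEP_BUDGET = 120   # analyst's threshold for flagging cumulative requested sleep


class RealHost:
    """The real thing: wall-clock time and a genuine sleep (slow to run at 300 s)."""
    clock = staticmethod(time.monotonic)
    sleep = staticmethod(time.sleep)
    requested_sleep = 0.0


class FakeHost:
    """Simulated environment (constructed for this example). skip_sleep models a
    sandbox that patches sleep() to return immediately; advance_clock models one
    that also fast-forwards its clock so the skip is invisible to the sample."""

    def __init__(self, skip_sleep=False, advance_clock=False):
        self.now = 1_000_000.0
        self.skip_sleep = skip_sleep
        self.advance_clock = advance_clock
        self.requested_sleep = 0.0         # what the sandbox itself can measure

    def clock(self):
        return self.now

    def sleep(self, seconds):
        self.requested_sleep += seconds
        if not self.skip_sleep or self.advance_clock:
            self.now += seconds            # real wait, or virtual time advanced


def malware_decision(host, wait=WAIT_SECONDS, tolerance=0.5):
    """Sample's logic: sleep, then check that the clock moved as much as expected."""
    start = host.clock()
    host.sleep(wait)
    elapsed = host.clock() - start
    if elapsed < wait * (1 - tolerance):
        return "abort: sleep was skipped, likely under analysis"
    return "run payload"


def sandbox_verdict(host, budget=SLEEP_BUDGET):
    """Analyst side: flag samples that try to sleep through the run budget,
    regardless of whether the sleep was honoured or skipped."""
    return "stalling" if host.requested_sleep > budget else "no-stall"


def simulate():
    """Run the sample's check against three host types; returns
    {name: (sample decision, sandbox verdict)}."""
    hosts = {
        "real host": FakeHost(),                       # honest clock and sleep
        "naive sandbox": FakeHost(skip_sleep=True),
        "time-accelerated sandbox": FakeHost(skip_sleep=True, advance_clock=True),
    }
    return {name: (malware_decision(h), sandbox_verdict(h)) for name, h in hosts.items()}


if __name__ == "__main__":
    for name, (decision, verdict) in simulate().items():
        print(f"{name:26s} sample: {decision:45s} sandbox: {verdict}")
```

The "real host" entry uses FakeHost with honest timing so the demonstration finishes instantly; substituting RealHost shows the same decision at the cost of a genuine 300 second wait. The practical lesson for the analyst is that skipping sleeps is not enough on its own: the clock the sample can read must stay consistent with the sleeps it requested, and the requested durations themselves are a useful signal.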
Environmental awareness lets the malware examine the environment in which it is running, including the virtual networks, hardware, and security systems in place. It looks for signs that it is inside a sandbox or virtual machine (hypervisor flags, virtual network adapters, unusually small disks or memory, analysis tools in the process list) and, if it finds them, stays dormant or behaves harmlessly, so that the analysis produces nothing and the sample is cleared to run on the real systems it is meant to attack. The last technique is confusing the automated tools (Nachreiner, 2017). Here the malware developers produce many variants of the same code, each similar to the one being executed but not byte-for-byte identical, so that signature-based antivirus software, which looks for exact known patterns, has no single pattern to match and the existing security systems are left confused.
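The sandbox checks described above can be expressed as a scoring function over facts about the host. The following is an added example written for this page, not code from the cited sources or from any real sample: the indicator lists are well-known virtual-machine artefacts (the hypervisor CPUID flag, VMware/VirtualBox/QEMU MAC address prefixes, SMBIOS vendor strings and guest-tools process names), while the host descriptions are constructed. A real sample would read the same facts from CPUID, SMBIOS, the network adapter and the process list; here they are passed in as a dict so the logic runs offline. vm_indicators, should_run and the host dicts are assumptions of this example.

```python
# Well-known virtualisation artefacts a sample may look for.
VM_MAC_PREFIXES = {
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware",
    "00:50:56": "VMware", "08:00:27": "VirtualBox", "52:54:00": "QEMU/KVM",
}
VM_DMI_STRINGS = ("vmware", "virtualbox", "innotek gmbh", "qemu", "bochs", "xen")
ANALYSIS_PROCESSES = ("vboxservice.exe", "vmtoolsd.exe", "wireshark.exe",
                      "procmon.exe", "x64dbg.exe", "ollydbg.exe")


def vm_indicators(host):
    """Return the list of artefacts suggesting an analysis environment.
    `host` is a dict of facts (constructed here; read from the OS in practice)."""
    hits = []
    if "hypervisor" in host.get("cpu_flags", ()):
        hits.append("cpuid hypervisor bit")
    if host.get("cpu_count", 0) < 2:
        hits.append("single cpu")
    if host.get("ram_gb", 0) < 2:
        hits.append("under 2 GB RAM")
    if host.get("uptime_s", 0) < 600:
        hits.append("uptime under 10 min")
    vendor = VM_MAC_PREFIXES.get(host.get("mac", "").lower()[:8])
    if vendor:
        hits.append(f"{vendor} MAC OUI")
    dmi = host.get("dmi_vendor", "").lower()
    for s in VM_DMI_STRINGS:
        if s in dmi:
            hits.append(f"DMI string '{s}'")
            break
    procs = {p.lower() for p in host.get("processes", ())}
    hits.extend(f"process {p}" for p in ANALYSIS_PROCESSES if p in procs)
    return hits


def should_run(host, threshold=2):
    """The sample's gate: stay dormant once enough indicators pile up. A threshold
    above one avoids false aborts on ordinary machines with a single odd trait."""
    return len(vm_indicators(host)) < threshold


# Constructed host descriptions for the demonstration.
DEFAULT_SANDBOX = {                       # VirtualBox guest with tools installed
    "cpu_flags": ["fpu", "sse2", "hypervisor"], "cpu_count": 1, "ram_gb": 1,
    "uptime_s": 90, "mac": "08:00:27:4e:66:a1", "dmi_vendor": "innotek GmbH",
    "processes": ["explorer.exe", "VBoxService.exe", "procmon.exe"],
}
HARDENED_SANDBOX = {                      # same VM after the analyst hides the artefacts
    "cpu_flags": ["fpu", "sse2"], "cpu_count": 4, "ram_gb": 8,
    "uptime_s": 300, "mac": "3c:97:0e:12:ab:cd", "dmi_vendor": "Dell Inc.",
    "processes": ["explorer.exe", "outlook.exe"],
}
WORKSTATION = {                           # a real user's machine
    "cpu_flags": ["fpu", "sse2", "avx2"], "cpu_count": 8, "ram_gb": 16,
    "uptime_s": 86400, "mac": "3c:97:0e:55:01:02", "dmi_vendor": "Dell Inc.",
    "processes": ["explorer.exe", "outlook.exe", "chrome.exe"],
}


if __name__ == "__main__":
    for name, host in [("default sandbox", DEFAULT_SANDBOX),
                       ("hardened sandbox", HARDENED_SANDBOX),
                       ("workstation", WORKSTATION)]:
        print(f"{name:17s} run={should_run(host)!s:5s} {vm_indicators(host)}")
```

The hardened sandbox still shows one weak indicator (a short uptime) but falls under the threshold, which is the analyst's goal: remove or disguise enough artefacts, and give the VM realistic resources, so the sample decides it is on a real machine and reveals its behaviour.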
Conclusion
These four techniques pose a huge challenge to the security of any system. The biggest difficulty is the way these malware samples change with the environment they find themselves in and with the tools used to disguise their code. The techniques are invasive and can be hazardous to a system if they are not discovered and analysed early enough, so there is a dire need to monitor for them, as they can be used to bring an entire system down. Obfuscation of internal data, being the most dangerous tool in use, should be watched most closely for the safety of the system, and systems should be kept ready for an intrusion at any time.
References
Andrea, F. (2018). Malware hiding and evasion techniques. Just some Random Thoughts about the Meaning of Life, the Universe, and Everything. Retrieved from https://www.andreafortuna.org/2018/02/12/malware-hiding-and-evasion-techniques/
Bisson, D. (2015). The four most common evasive techniques used by malware. The State of Security. Retrieved from https://www.tripwire.com/state-of-security/security-data-protection/the-four-most-common-evasive-techniques-used-by-malware/
Nachreiner, C. (2017). How hackers hide their malware: The basics. Dark Reading. Retrieved from https://www.darkreading.com/how-hackers-hide-their-malware-the-basics/a/d-id/1329722
Wallace, M., & Webber, L. (2018). The disaster recovery handbook: A step-by-step plan to ensure business continuity and protect vital operations, facilities, and assets. New York, NY: AMACOM.