Scanner identifies malware strains, could be future of AV
Posted on 24.05.2013
When it comes to spotting malware, the signature-based detection, heuristics and cloud-based recognition and information sharing used by many antivirus solutions today work well up to a certain point, but polymorphic malware still gives them a run for their money.

At the annual AusCert conference held this week in Australia, a doctoral candidate from Deakin University in Melbourne presented the results of research that just might be the solution to this problem.

Security researcher Silvio Cesare had noticed that malware code consists of small "structures" that remain the same even after moderate changes to its code.

"Using structures, you can detect approximate matches of malware, and it's possible to pick an entire family of malware pretty easily with just one structure," he shared with CSO Australia.

So he created Simseer, a free online service that performs automated analysis on submitted malware samples and shows you just how similar they are to other submitted specimens. It scores the similarity between malware samples (any kind of software, really), charts the results, and visualizes program relationships as an evolutionary tree.

If a sample has less than 98 percent similarity with every existing malware strain, it gets catalogued as a completely new strain.

According to the website, Simseer compares malware by its control flow, which changes much less than string signatures or similar features: polymorphic and metamorphic variants of a piece of malware usually share the same control flow.
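To make the two ideas above concrete (control flow as the compared feature, and a 98 percent similarity threshold deciding whether a sample is a new strain), here is a simplified illustration written for this article. It is not Simseer's code or algorithm; the control flow graphs are tiny constructed toys, and the similarity measure (Jaccard over canonically renumbered edges) is an assumption chosen for clarity.

```python
# Constructed toy "control flow graphs": block label -> list of successor labels.
# Every graph starts at the block labelled "entry" (a convention assumed here).
CATALOG = {
    "family_a": {"entry": ["chk", "bail"], "chk": ["loop"], "loop": ["body", "exit"],
                 "body": ["loop"], "bail": ["exit"], "exit": []},
}
# Same control flow as family_a, but every block renamed (a cheap polymorphic trick).
RENAMED_VARIANT = {"entry": ["c", "b"], "c": ["l"], "l": ["x", "e"],
                   "x": ["l"], "b": ["e"], "e": []}
# Genuinely different structure: an extra block and branch inside the loop.
RESTRUCTURED = {"entry": ["chk", "bail"], "chk": ["loop"], "loop": ["body", "exit", "extra"],
                "body": ["loop"], "extra": ["exit"], "bail": ["exit"], "exit": []}

def canonical_edges(cfg, entry="entry"):
    """Renumber blocks in deterministic depth-first order from the entry, so block
    names no longer matter, and return the edge set over those numbers."""
    order, stack = {}, [entry]
    while stack:
        node = stack.pop()
        if node in order:
            continue
        order[node] = len(order)
        # Push successors reversed so the first listed successor is visited first.
        stack.extend(reversed(cfg.get(node, [])))
    return {(order[a], order[b]) for a in order for b in cfg.get(a, []) if b in order}

def similarity(cfg_a, cfg_b):
    """Jaccard similarity of the two canonical edge sets, in the range 0.0 .. 1.0."""
    ea, eb = canonical_edges(cfg_a), canonical_edges(cfg_b)
    if not ea and not eb:
        return 1.0
    return len(ea & eb) / len(ea | eb)

def classify(sample, catalog, threshold=0.98):
    """Return (strain_name, score) for the closest catalogued strain, or
    ("new_strain", score) when nothing reaches the threshold."""
    best_name, best_score = None, 0.0
    for name, known in catalog.items():
        score = similarity(sample, known)
        if score > best_score:
            best_name, best_score = name, score
    if best_score < threshold:
        return ("new_strain", best_score)
    return (best_name, best_score)

if __name__ == "__main__":
    print(classify(RENAMED_VARIANT, CATALOG))  # matches family_a despite renamed blocks
    print(classify(RESTRUCTURED, CATALOG))     # falls below 0.98, catalogued as new
```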

It runs on an Amazon EC2 cluster with a dozen or so virtual servers, and is "fed" by Cesare every night with gigabytes of malware code downloaded from other free sources such as VirusShare.

So far, Simseer has identified more than 50,000 strains of malware, and the number keeps growing. Cesare is still working on perfecting the service, and hopes it helps malware analysts with their research. For now, its use is free of charge to anyone.

It's interesting to note that the service is capable of more than just detecting and cataloguing malware samples. As said before, it works on any kind of software, and can be used for plagiarism and software theft detection, as well as incident response.
