Home 0P3N Blog Understanding Unpredictable Threats: Advanced Malware
Ready to Start Your Career?
Create Free Account
strainer s profile image
By: strainer
July 26, 2017

Understanding Unpredictable Threats: Advanced Malware

By: strainer
July 26, 2017
strainer s profile image
By: strainer
July 26, 2017
 

Unpredictable Threats – Advanced Malware

By: Art Rebultan

How do you think a traditional, signature-based anti-malware can detect unpredictable threats like Polymorphic, Metamorphic and Cross-Platform malware? This advanced malware has the same destructive functionalities from any of the commonly known malware; Trojan, Worm, Virus, Keylogger, Ransomware, Bot, Adware, Rootkit, and Spyware.PolymorphicWhile maintaining its function, the constantly changing its identifiable features in order to evade detection is what makes an anti-malware difficult to catch Polymorphic (“morph”) malware. File names and types (jpg, doc, xls, pdf, exe, etc.) or encryption keys also changes to make the malware unrecognizable by antivirus that uses many detection techniques.MetamorphicI personally call this malware as a “transformer” as it can transform base on the ability to translate, edit, and rewire its own code. Thus, the signature is also changing. The difference of this to Polymorphic is the latter is encrypted on its original code to evade anti-malware detection and has the function to decryption itself.Cross-Platform MalwareWrite once, infect anywhere. This is the ability of the Cross-platform malware where it is designed to run on different platforms like Windows, Macintosh, Linux, Android, or iOS. This malware disguises as a Trojan and commonly written in Java.

 

Counter-Measures

  1. Install the next generation Antivirus.
  2. Heard about EDR tool? 70% of the AV misses are detected. And expensive. Will cover this soon.
  3. Regular scanning of updated anti-malware. Use other free tools. Healthy paranoia.
  4. Disable Javascript snippets on the web browser. This is a common entry point of exploit to user’s system.
  5. Don’t fall into Phishing and social media survey scams. Always check if the web site is HTTPS.
  6. Always do a clean backup of your important data to external hard drive or another computer.
  7. Security awareness is the best protection. Always read current events on cyber security.
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry