Software is a set of programs, each of which is a set of instructions. Operating
systems, device drivers, network infrastructure, database management systems and
executable code embedded in web pages are examples of software built for useful
purposes. There are also programs created to attack computing systems. Programs
that violate a computer system's security policy with respect to the
confidentiality, integrity or availability of data are called malicious programs,
or malware. Malware causes serious security incidents in fields such as education,
communication, hospitals, banking and entertainment.
Initially, the common term for malware was 'computer virus'. A virus can add,
change or remove programs on a system in order to harm the system's functions
intentionally. The programmers who write malicious code are called malware writers
or authors. They write programs with the intention of stealing or manipulating
private data on the system, degrading its capabilities, or using the device to
launch cyber-attacks on other systems. As the Internet grew, other forms of
malware came onto the scene; the prevailing variants today, such as rootkits,
botnets and ransomware, exhibit unknown, targeted, stealthy and zero-day
characteristics. Stealing information for financial gain remains the main
objective of targeted attacks.
Various traditional techniques, such as antivirus scanners and firewalls, have
been used to detect and defend against malware, but they are ineffective against
new, unknown malware. There are also evasion techniques capable of defeating
traditional signature-based detection. Recently, the McAfee Labs team identified
a new class of malware that allows cybercriminals to evade digital-signature
validation of applications on both personal computers (PCs) and Android-based
devices.
Sophisticated variants of complex and mutating viruses may be metamorphic or
polymorphic. Many new malware families have been discovered with improved
encryption and anti-detection techniques that make recognition and elimination
difficult. These families are termed advanced malware because of their ability to
change form and disguise themselves to fool malware analysts; such mutating
malware is called polymorphic malware. Code obfuscation is an evasion technique
that defeats most malware detection approaches, allowing the malware to avoid
detection and carry out its malicious actions. Malware variants also differ in
their infection routes and propagation techniques: malware spreads through bundled
software, freeware, email attachments, malicious websites, removable or network
drives and spam email. Since the early days of the Internet, email has been the
vector of choice for attackers delivering malware to a target, but that trend is
changing rapidly. While email continues to be a major source of malware,
attackers are increasingly turning to real-time, web-enabled applications to
deliver malware that traditional antivirus solutions do not detect. These
real-time applications offer practical and technical advantages to an attacker,
and the data shows that they are disproportionately successful at avoiding
traditional antivirus compared with email. Current trends also include weak
security standards in Internet of Things (IoT) devices, adware deploying advanced
techniques, file-encrypting ransomware that can also steal user data, and
increasing attacks on e-wallets and other online payment systems. The Quick Heal
Annual Threat Report noted that the Mirai botnet exploited IoT devices in 2016.
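To make concrete why the signature-based techniques discussed above fail against polymorphic or obfuscated variants, the following is an added example written for this section; it is not code from the original paper, from Quick Heal or from McAfee. It assumes a toy polymorphic engine that re-encodes a constructed, harmless stand-in payload with a fresh single-byte XOR key behind a hypothetical decryptor stub (the `STUB` marker is an assumption), and contrasts a static byte-pattern scan and a hash lookup, which both miss every re-keyed variant, with a decoder-aware scan and a key-agnostic brute-force decode, which recover the match. The entropy check is included to show that single-byte XOR does not even change the byte entropy that some heuristic scanners rely on.

```python
"""Added example (not from the original paper): a fixed byte signature
versus single-byte XOR polymorphic variants of the same payload.
All data here is constructed; PAYLOAD is a harmless stand-in string."""
import hashlib
import math
from collections import Counter

# Constructed stand-in for the malicious body the scanner knows about.
PAYLOAD = b"cmd.exe /c del /q C:\\Users\\*.doc"
# A static signature: a fixed byte pattern taken from the known body.
SIGNATURE = PAYLOAD[:12]
# Hypothetical layout a polymorphic engine's decryptor stub might use
# (an assumption for this example): marker, one key byte, XOR-encoded body.
STUB = b"\x90STUB"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key restores the data."""
    return bytes(b ^ key for b in data)


def make_variant(payload: bytes, key: int) -> bytes:
    """Polymorphic-engine stand-in: same payload, a fresh key each generation."""
    return STUB + bytes([key]) + xor_bytes(payload, key)


def signature_scan(sample: bytes) -> bool:
    """Traditional static scan: does the fixed pattern occur in the bytes?"""
    return SIGNATURE in sample


def file_hash(sample: bytes) -> str:
    """Hash-based blocklists see every re-keyed variant as a brand-new file."""
    return hashlib.sha256(sample).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Single-byte XOR only permutes byte values, so the
    byte-frequency distribution, and hence this value, is unchanged."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def decode_and_scan(sample: bytes) -> bool:
    """Decoder-aware scan: recognise the stub, recover the key, decode, then match.
    Falls back to the static scan for samples that do not carry the stub."""
    if not sample.startswith(STUB) or len(sample) <= len(STUB) + 1:
        return signature_scan(sample)
    key = sample[len(STUB)]
    body = xor_bytes(sample[len(STUB) + 1:], key)
    return signature_scan(body)


def brute_force_scan(sample: bytes) -> bool:
    """Key-agnostic check: try all 256 single-byte keys, as a generic unpacker would."""
    return any(signature_scan(xor_bytes(sample, k)) for k in range(256))


def demo() -> dict:
    """Run every scanner over three re-keyed variants and collect the results."""
    variants = [make_variant(PAYLOAD, k) for k in (0x41, 0x7F, 0xD3)]
    return {
        "static_on_original": signature_scan(PAYLOAD),
        "static_on_variants": [signature_scan(v) for v in variants],
        "distinct_hashes": len({file_hash(v) for v in variants}),
        "decoded_on_variants": [decode_and_scan(v) for v in variants],
        "brute_on_variants": [brute_force_scan(v) for v in variants],
        "entropy_delta": max(
            abs(shannon_entropy(PAYLOAD) - shannon_entropy(v[len(STUB) + 1:]))
            for v in variants
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script prints one line per measurement: the static scan matches the original body but none of the variants, the three variants have three different hashes, both decode-based scans match all three, and the entropy difference is zero. Note the degenerate key 0, which leaves the body in the clear; a real polymorphic engine would avoid it for exactly that reason.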
Ransomware is a major and rapidly growing threat at present. Malware analysis
must be carried out regardless of how unknown or stealthy an attack's
characteristics are in order to achieve a secure information world, and this is
possible only when efficient malware detection techniques are employed.
of Windows malware detected by Quick Heal Labs in 2016 is given in figure 1.