Software is a set of programs that together constitute a set of instructions. Operating systems, device drivers, network
infrastructure, database management systems and executable commands on web pages
are examples of software programs built for various useful purposes.
There are also programs created to attack the computing system. Such
programs, which violate a computer system's security policy in terms of the confidentiality,
integrity and availability of data, are called bad programs or malware. Malware
causes serious security vulnerabilities in various application domains such as education,
communication, hospitals, banking and entertainment.
Initially, the common term used for malware was 'computer viruses'. A virus can add, change or remove any program
on the system in order to intentionally harm the system's functions. The programmers
who write malicious code are called malware writers or authors. These
programmers write programs with the intention of stealing or manipulating private
data on the system, degrading its capabilities, or using the device to launch
cyber-attacks on other systems. While other forms of malware arrived on the scene
with the growth of the Internet, the prevailing malware variants
such as rootkits, botnets and ransomware exhibit unknown, targeted, stealthy
and zero-day characteristics. Stealing information for financial gain remains
the main objective of targeted attacks.
Various traditional techniques, such as antivirus scanners and firewalls, have been
used to detect and defend against this malware,
but they are inefficient against new, unknown malware. There are also new evasion
techniques capable of bypassing traditional signature-based techniques.
Recently, the McAfee Labs team identified a new class of malware that allows
cybercriminals to evade digital signature validation in applications on both Personal
Computers (PCs) and Android-based devices.
Most metamorphic or polymorphic malware consists of complex,
mutating viruses. These new malware families are termed advanced malware because
of their capability to change their form and disguise themselves to fool
malware analysts. Such mutating malware is called polymorphic malware.
Code obfuscation techniques are evasion techniques that defeat most malware
detection approaches, allowing the malware to avoid detection and perform its malicious actions. Malware
variants also act on their infection routes and propagation techniques.
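The two preceding points, that signature-based scanning fails against mutated variants and that a detection approach must tolerate such changes, can be illustrated with a small example. This is an added illustration, not code from the text: the byte strings are constructed, harmless stand-ins (not real malware), and the n-gram coverage score and its 0.7 threshold are assumptions chosen for the demonstration.

```python
import hashlib

# Constructed, harmless byte sequences standing in for a known sample and for
# a mutated variant of it; neither is real malware nor taken from the text.
KNOWN_SAMPLE = bytes.fromhex("5589e583ec10c745fc0000000083c4105dc3")
# Variant: the same bytes with two junk 0x90 bytes inserted, a minimal
# mutation that changes the whole-file hash without changing what the code does.
MUTATED_VARIANT = bytes.fromhex("5589e59083ec10c745fc000000009083c4105dc3")
# An unrelated sequence, used to check that the similarity score stays low.
UNRELATED = bytes.fromhex("4883ec28488d0d00000000e8000000004883c428c3")


def sha256_signature(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A signature database holding only the hash of the known sample.
SIGNATURE_DB = {sha256_signature(KNOWN_SAMPLE)}


def exact_match(data: bytes) -> bool:
    """Classic signature scan: a hit only if the whole-file hash is known."""
    return sha256_signature(data) in SIGNATURE_DB


def byte_ngrams(data: bytes, n: int = 3) -> set:
    """Set of all overlapping n-byte substrings of the data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def ngram_coverage(sample: bytes, known: bytes, n: int = 3) -> float:
    """Fraction of the known sample's byte n-grams that also occur in the sample.

    Inserted junk bytes only destroy the n-grams that straddle them, so most
    of the known sample's n-grams survive a sparse mutation."""
    known_grams = byte_ngrams(known, n)
    return len(known_grams & byte_ngrams(sample, n)) / len(known_grams)


def similarity_match(data: bytes, threshold: float = 0.7) -> bool:
    """Assumed threshold: flag the sample if it retains 70% of the known n-grams."""
    return ngram_coverage(data, KNOWN_SAMPLE) >= threshold


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("variant", MUTATED_VARIANT),
                       ("unrelated", UNRELATED)]:
        print(f"{name:9s} exact={exact_match(blob)!s:5s} "
              f"coverage={ngram_coverage(blob, KNOWN_SAMPLE):.2f} "
              f"similar={similarity_match(blob)}")
```

Running the block shows the exact hash matching only the original sample, while the variant keeps 11 of the original's 15 distinct 3-grams and is still flagged; a real scanner would use far richer features than raw byte n-grams, but the failure mode of exact signatures is the same.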
Malware propagates by means of bundled software, freeware, email attachments,
malicious websites, removable or network drives and spam emails. Since the
nascent days of the Internet, email has been the vector of choice for attackers
delivering malware to a target, but that trend is rapidly changing. While email
certainly continues to be a major source of malware, attackers are increasingly
turning to real-time, web-enabled applications to deliver malware that is
undetectable by traditional antivirus solutions. These real-time applications
provide practical and technical advantages for an attacker, and the data shows
that they are disproportionately successful at avoiding traditional antivirus
compared to email. Current concerns include the lack of security standards in Internet of Things
(IoT) devices, adware deploying advanced techniques, file-encrypting ransomware
that can also steal user data, and increasing attacks on e-wallets and other online
payment systems. The QuickHeal Annual Threat Report noted that the Mirai botnet took
advantage of IoT devices in 2016.
Ransomware is a major and rapidly
growing threat at present. Malware analysis must be carried out regardless of how
unknown and stealthy an attack's characteristics are in order to achieve a
secure information world. This is possible only when efficient malware
detection techniques are employed.