killopatrol.blogg.se

How to check for malware on android reddit

However, finding exact matches between the collection of clean malware code and the files is very resource hungry. That's why a similar but faster solution was created. With a hashing function, you can give a string or a file and it will generate a fixed-length string. Every time the code is the same, it will generate the same hash from that code. The most well-known hashing techniques are MD5 and SHAx. Hackers realized that it's quite easy to find backdoors with these detection methods. It is enough to change 1 byte, for example by adding a space, and the hash will be completely different, so anti-malware tools won't recognize the file.

Pattern matching is based on creating some strings and trying to match them against the file. For example, find the word "eval" in the file. Pattern matching has a lot of disadvantages. You can expect a high false-positive rate, but the false-negative rate is pretty high at the same time. When a hacker knows that you use pattern-matching detection mechanisms, they can try to change the code. It will be the same code and will run the same way, but it can avoid detection.

Yara is specially built for writing rule-based signatures and it is widely used by cyber defense systems. Rule-based detection techniques try to fix the problems of the classic pattern-matching mechanism, but we found out that it is actually just pattern matching on a little steroid and it still has disadvantages (difficulty of writing new rules, high false-positive rate, etc).

All the above-mentioned techniques are ineffective at detecting obfuscated malware. Hackers know it, and that's why this new malware type is coming to the foreground. Obfuscation means converting clean code into new code. The obfuscated code will give the exact same result as the original code, but the source code will no longer be readable to human eyes. It is usually used for checkout code, banking, licensing, etc. The problem is that you can't tell whether obfuscated code is malicious or not because it is unreadable.

The New Approach

BitNinja Server Security experimented with this topic a lot and developed a brand new detection method which is unlike any other solution currently on the market.
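The hash and pattern-matching weaknesses described above, run against constructed samples. This is an added example, not code from the original article or from BitNinja; the sample files, the whitespace normalization step, the stricter `eval(` rule and all function names are assumptions made for illustration.

```python
import hashlib
import re

# Constructed samples (not real malware): a file standing in for a blocklisted
# script, the same file with one extra space, and a benign file that only
# contains the letters "eval" inside other words.
KNOWN_BAD = b'<?php eval($payload); ?>'
ONE_SPACE = b'<?php  eval($payload); ?>'
BENIGN = b'<?php // retrieval cache for the evaluation report\n$rows = load_rows(); ?>'

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def normalize(data: bytes) -> bytes:
    """Collapse whitespace runs so spacing-only edits hash identically."""
    return re.sub(rb'\s+', b' ', data).strip()

BLOCKLIST = {sha256(KNOWN_BAD)}
NORMALIZED_BLOCKLIST = {sha256(normalize(KNOWN_BAD))}

def hash_match(data: bytes) -> bool:
    """Exact-hash detection: flags byte-identical copies only."""
    return sha256(data) in BLOCKLIST

def normalized_hash_match(data: bytes) -> bool:
    """Absorbs the one-space edit, but nothing beyond whitespace changes."""
    return sha256(normalize(data)) in NORMALIZED_BLOCKLIST

def substring_match(data: bytes) -> bool:
    """Naive pattern matching: the four letters 'eval' anywhere in the file."""
    return b'eval' in data

def call_rule_match(data: bytes) -> bool:
    """Tighter rule: 'eval' as a whole word followed by '('. Still literal text
    only, so it says nothing about code it cannot read."""
    return re.search(rb'\beval\s*\(', data) is not None

def scan(data: bytes) -> dict:
    return {
        'hash': hash_match(data),
        'normalized_hash': normalized_hash_match(data),
        'substring': substring_match(data),
        'call_rule': call_rule_match(data),
    }

if __name__ == '__main__':
    for name, sample in [('known_bad', KNOWN_BAD), ('one_space', ONE_SPACE), ('benign', BENIGN)]:
        print(f'{name:10}', scan(sample))
```

The exact hash misses the one-space copy, the bare substring flags the benign file, and the tighter rule removes that false positive while remaining a match on literal text.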







