Security research and products giant Kaspersky Lab has been awarded a new patent on a technology that uncovers malicious files trying to hide through unique re-packing methods.
Kaspersky Lab gave the example of Adobe Flash Player exploits, where malicious files evade detection by security products by being re-packed or by having “trash” instructions inserted into them.
In some cases the exploits were re-packed for every user, meaning each victim was hit with a different malicious file. As a result, detection by traditional methods suffers immensely. The patented technology was developed to detect such malware quickly.
At this stage, the patented technology focuses mainly on the detection of malicious files created by ActionScript frameworks and .NET.
“This kind of hash-sum, referring not only to a certain file but to a group of files, is very useful because it can be easily integrated into automatic detection systems and allows detection of numerous objects with a single record. In the long term, such hash-sums can be created for other types of malicious files that use virtual stack machines,” said Alexander Liskin, co-author of this technology and Heuristic Detection Group Manager at Kaspersky Lab.
“It is worth mentioning that applying these hash-sums has achieved significant results in the field of detection of SWF exploits, which are the most popular type at the moment. Due to the implementation of such a technology service for SWF exploits, auto-detecting has also been put into operation,” said Anton Ivanov, co-author of this technology and Senior Malware Analyst at Kaspersky Lab.