Hi,

Current malware depends on a lot of factors if it wants to be a bit stealthy: OS version, CPU type, network card model, whether some specific software version is installed or not, time, network environment... Finding a common behaviour and detecting families efficiently would be akin to constructing a symbolic equation of the malware family and testing the binary against this model.

Current automated malware testbeds do not go that far; they have one function: determining if a binary is dangerous or not. They do not analyze the binary, but its effect on the environment: network calls, DNS requests, files and registry keys created.

Cheers,
Geoffroy

On Tue, Nov 25, 2014 at 2:34 PM, Sashank Dara <krishna.sash...@gmail.com> wrote:
> Hi,
>
> I am curious if we can study sophisticated metamorphic and polymorphic
> malware of the current day in terms of langsec?
>
> Classic file hashes like MD5, SHA, etc. are no longer helping in identifying
> malware programs that are mutating. So current research is around using
> control flow graphs or structural properties or feature vectors in order to
> identify malware files belonging to a similar family.
>
> How can we identify two (or more) programs that produce the same malicious
> effect, say using the theory of computer science and langsec principles?
>
> Regards,
> Sashank
> http://lnkd.in/88sgfr
>
> _______________________________________________
> langsec-discuss mailing list
> langsec-discuss@mail.langsec.org
> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss

--
http://geoffroycouprie.com/em
http://pilotssh.com
https://leanpub.com/ScalaOnAndroid/
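As an added illustration (not part of either message in this thread) of the "test the binary against a behavioural model of the family" idea, using the kind of side effects a sandbox records: runs from several environments are merged first, because a sample that adapts to its environment shows only part of its behaviour in any single run. All sandbox events, family profiles and names below are constructed for the example.

```python
import re
# Constructed sandbox reports (made-up): one run per environment, listing its side effects.
SANDBOX_RUNS = {
    "sample-A": [
        {"env": "win7-x86", "events": [
            "dns:update.example-cdn.test",
            "file:C:\\Users\\alice\\AppData\\Roaming\\svc.exe",
            "reg:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
            "net:udp/137"]},
        {"env": "win10-x64", "events": [
            "reg:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
            "net:tcp/443",
            "file:C:\\Users\\bob\\AppData\\Local\\Temp\\stage.dll",
            "file:C:\\Windows\\Prefetch\\SAMPLE.EXE-1A2B.pf"]},
    ],
}
# Constructed family profiles: the behaviours each family is expected to show.
FAMILY_PROFILES = {
    "RunKeyDropper": {
        "dns:update.example-cdn.test", "file:%APPDATA%\\svc.exe",
        "reg:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
        "net:tcp/443", "file:%TEMP%\\stage.dll", "mutex:Global\\svc_running"},
    "Beacon": {"dns:beacon.example.test", "net:tcp/8080",
               "file:%TEMP%\\b.tmp", "mutex:Global\\bcn"},
}
# User-specific paths differ per environment, so rewrite them to variables.
_PATH_VARS = [
    (re.compile(r"c:\\users\\[^\\]+\\appdata\\roaming"), "%appdata%"),
    (re.compile(r"c:\\users\\[^\\]+\\appdata\\local\\temp"), "%temp%"),
]

def normalize(event):
    """Lower-case an event and replace user-specific paths with variables."""
    event = event.lower()
    for pattern, var in _PATH_VARS:
        event = pattern.sub(var, event)
    return event

def merge_runs(runs):
    """Union of normalized events over every environment the sample ran in."""
    return {normalize(e) for run in runs for e in run["events"]}

def classify(events, profiles=FAMILY_PROFILES, threshold=0.6):
    """Jaccard-score events against each profile; return (family or None, best score)."""
    scored = {}
    for family, profile in profiles.items():
        model = {normalize(e) for e in profile}
        scored[family] = len(events & model) / len(events | model)
    best = max(scored, key=scored.get)
    return (best if scored[best] >= threshold else None), scored[best]
```

With the constructed data, either single run alone scores 3/7 against the RunKeyDropper profile and is left unclassified, while the merged runs score 5/8 and match.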