A study on common malware families evolution in 2012

  • Invited Paper
Journal of Computer Virology and Hacking Techniques

Abstract

With the exponential growth of malware in the last 5 years, the amount of polymorphic malware has increased as well. The aim of this paper is to describe the evolution, over the course of a year, of four major malware families (FakeAlert, Sirefef, ZBot and Vundo). The analysis focuses on the polymorphic mechanisms (such as changes in the packer module, changes in the geometry of the file, variation of the version information in the resource directory, or different methods used to modify a file's icon) that these families have used to avoid detection by anti-malware systems. The malware files were collected every week for one year. For each family we recorded the new variants and the updates that were added to the old ones in order to avoid detection. We examined more than 1,000 new versions of such files. The article also includes a case study that focuses on the methods the FakeAlert malware family has used to modify its icons.

Correspondence to Marius Barat.

Cite this article

Barat, M., Prelipcean, DB. & Gavriluţ, D.T. A study on common malware families evolution in 2012. J Comput Virol Hack Tech 9, 171–178 (2013). https://doi.org/10.1007/s11416-013-0192-5

  • DOI: https://doi.org/10.1007/s11416-013-0192-5
