What are some techniques to identify malware?

Discussion in 'other software & services' started by Hungry Man, Dec 17, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I can think of
    Checking a blacklist of hashes
    Heuristic File Analysis
    Heuristic File Emulation
    Heuristic Generic Signature



    What else?
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Digital Signatures
    Popularity of files
    Behaviour analysis
    Multiple engines (online)
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Are we talking about in the context of security vendors? If so it has probably mostly been covered in the first 2 posts. If the question also applies to how do end users identify malware, I guess that would prompt some different responses.

    One question if anyone knows the answer, when I see digital signatures mentioned, and I know more than a few products use this, do we know if these vendors are checking merely for the presence of a digital signature, or if they are checking its validity as well? I have encountered hacked exe files that on first glance say they are digitally signed (as I am sure we all have), but clicked the "Details" button only to find an invalid signature.
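The presence-versus-validity distinction raised in the post above, as an added example that is not part of the original thread or any vendor's code: it reads the PE Certificate Table entry (presence) and then checks whether the file's Authenticode digest appears inside the embedded signature blob. The function names and the sample image are constructed for illustration, and a digest match is only one part of validation; the PKCS#7 signature and certificate chain must also be verified.

```python
import hashlib
import struct

def security_dir(pe: bytes):
    """Locate CheckSum and the Certificate Table directory entry in a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = nt + 24                                          # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]           # PE32 or PE32+
    entry = opt + {0x10B: 96, 0x20B: 112}[magic] + 4 * 8   # data directory index 4
    off, size = struct.unpack_from("<II", pe, entry)       # file offset, length
    return opt + 64, entry, off, size

def authenticode_digest(pe: bytes, algo: str) -> bytes:
    """Hash the image minus CheckSum, the directory entry and the certificate
    table (simplification: assumes the table sits at the end of the file)."""
    chk, entry, off, size = security_dir(pe)
    end = off if size else len(pe)
    h = hashlib.new(algo)
    for part in (pe[:chk], pe[chk + 4:entry], pe[entry + 8:end]):
        h.update(part)
    return h.digest()

def classify(pe: bytes) -> str:
    _, _, off, size = security_dir(pe)
    if size == 0:
        return "unsigned"
    blob = pe[off:off + size]
    # The signed digest is stored as raw bytes inside the PKCS#7 blob.
    if any(authenticode_digest(pe, a) in blob for a in ("sha256", "sha1")):
        return "signature present, digest matches"
    return "signature present, digest mismatch"

def build_sample(signed: bool = True) -> bytes:
    """Constructed minimal PE32 image with a placeholder certificate blob."""
    img = bytearray(0x300)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x98, 0x10B)
    if not signed:
        return bytes(img)
    blob = b"PLACEHOLDER-PKCS7" + authenticode_digest(bytes(img), "sha256")
    struct.pack_into("<II", img, 0x118, len(img), len(blob))
    return bytes(img) + blob
```

A file modified after signing still reports a signature as present, which is why a presence-only check is not enough.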
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    In any context.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Two free papers available:
    "Survey of Malware Detection Techniques"
    "Survey on Automated Dynamic Malware Analysis Techniques and Tools"
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Thanks Mr Brian.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).
     