What are some techniques to identify malware?

Discussion in 'other software & services' started by Hungry Man, Dec 17, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man (Registered Member; joined May 11, 2011; posts: 9,148)

    I can think of:
    Checking a blacklist of hashes
    Heuristic File Analysis
    Heuristic File Emulation
    Heuristic Generic Signature

    What else?
     
  2. J_L (Registered Member; joined Nov 6, 2009; posts: 8,516)

    Digital Signatures
    Popularity of files
    Behaviour analysis
    Multiple engines (online)
     
  3. xxJackxx (Registered Member; joined Oct 23, 2008; posts: 4,047; location: USA)

    Are we talking about this in the context of security vendors? If so, it has probably mostly been covered in the first 2 posts. If the question also applies to how end users identify malware, I guess that would prompt some different responses.

    One question, if anyone knows the answer: when I see digital signatures mentioned, and I know more than a few products use this, do we know if these vendors are checking merely for the presence of a digital signature, or if they are checking its validity as well? I have encountered hacked exe files that at first glance say they are digitally signed (as I am sure we all have), but clicked the "Details" button only to find an invalid signature.
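
The presence-versus-validity distinction raised in the post above, as an added example that is not part of the original thread: it tells apart a PE file with no certificate table, one whose recomputed image digest appears in the certificate blob, and one modified after signing. It uses a simplified Authenticode hash and a substring search for the digest, does not validate the signature or certificate chain, and the sample file and its stand-in certificate blob are constructed.

```python
import hashlib
import struct

SECURITY_DIR = 4  # index of the certificate table in the PE data directories

def pe_offsets(data):
    """Return offsets of the checksum and security-dir entry, plus cert table (off, size)."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe + 24                                  # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)   # PE32+ or PE32
    secdir = dirs + 8 * SECURITY_DIR
    cert_off, cert_size = struct.unpack_from("<II", data, secdir)
    return opt + 64, secdir, cert_off, cert_size

def signature_state(data):
    """Classify: 'unsigned', 'signed, digest matches', 'signed, digest mismatch'."""
    checksum, secdir, cert_off, cert_size = pe_offsets(data)
    if cert_off == 0 or cert_size == 0:
        return "unsigned"
    blob = data[cert_off:cert_off + cert_size]
    # Simplified Authenticode image hash: the file minus the checksum field,
    # the security-directory entry and the certificate table itself.
    hashed = (data[:checksum] + data[checksum + 4:secdir]
              + data[secdir + 8:cert_off] + data[cert_off + cert_size:])
    for algo in ("sha1", "sha256"):
        if hashlib.new(algo, hashed).digest() in blob:
            return "signed, digest matches"
    return "signed, digest mismatch"

def make_sample(signed=True):
    """Constructed PE32 skeleton; the 'certificate' is a stand-in, not real PKCS#7."""
    img = bytearray(0x200) + b"\x90" * 64          # headers + 64 bytes of 'code'
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x80 + 24, 0x10B)
    if not signed:
        return bytes(img)
    checksum, secdir = 0x80 + 24 + 64, 0x80 + 24 + 96 + 8 * SECURITY_DIR
    body = img[:checksum] + img[checksum + 4:secdir] + img[secdir + 8:]
    blob = b"\0" * 8 + hashlib.sha256(body).digest()
    struct.pack_into("<II", img, secdir, len(img), len(blob))
    return bytes(img + blob)

if __name__ == "__main__":
    good = make_sample()
    patched = good[:0x210] + b"\xcc" + good[0x211:]  # one byte changed after signing
    for name, data in [("unsigned", make_sample(False)), ("good", good), ("patched", patched)]:
        print(name, "->", signature_state(data))
```

A scanner that only tests whether the certificate table is non-empty would treat the patched sample the same as the intact one.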
     
  4. Hungry Man (Registered Member; joined May 11, 2011; posts: 9,148)

    In any context.
     
  5. MrBrian (Registered Member; joined Feb 24, 2008; posts: 6,032; location: USA)

    Two free papers available:
    "Survey of Malware Detection Techniques"
    "Survey on Automated Dynamic Malware Analysis Techniques and Tools"
     
  6. Hungry Man (Registered Member; joined May 11, 2011; posts: 9,148)

    Thanks Mr Brian.
     
  7. MrBrian (Registered Member; joined Feb 24, 2008; posts: 6,032; location: USA)

    You're welcome :).
     