Tom Brosch and Maik Morgenstern: Runtime Packers: The Hidden Problem?
MP3•בית הפרקים
Manage episode 156449622 series 1189490
תוכן מסופק על ידי Black Hat and Jeff Moss. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Black Hat and Jeff Moss או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
"Runtime packers are a widely-used technique in malware today. Virtually every Win32 malware added to the WildList as well as ad- and spyware is packed with one or another runtime packer. Not only can they turn older malware into new threats again, but they might also prevent AV vendors from using more generic approaches and therefore requiring more work, which possibly generates more errors or broken updates, unless the product is able to handle all the different runtime packers out there. Yet, there aren't any comprehensive tests of runtime packer capabilities in AV products so far. We use a testset of more than 3000 runtime-packed files (with different packers, versions, compression options) to determine how well-equipped today's AV software is in dealing with these types of threats. In this presentation, we'll not only discuss the aspects of handling and detecting runtime packed malware, but also have a look into other problems that come along. These include false positives, crashes and the very slow scanning speeds seen in way too many products. Lastly, we will give an overview of the current situation, try to specify reasons for the results we got and show what should and could be done in the future."
…
continue reading
85 פרקים