Exploiting an antivirus interface

Abstract

We propose a technique for defeating signature-based malware detectors by exploiting information disclosed by antivirus interfaces. This information is leveraged to reverse engineer relevant details of the detector’s underlying signature database, revealing binary obfuscations that suffice to conceal malware from the detector. Experiments with real malware and antivirus interfaces on Windows operating systems justifies the effectiveness of our approach.

DOI: 10.1016/j.csi.2009.04.004

Extracted Key Phrases

3 Figures and Tables

Cite this paper

@article{Hamlen2009ExploitingAA, title={Exploiting an antivirus interface}, author={Kevin W. Hamlen and Vishwath Mohan and Mohammad M. Masud and Latifur Khan and Bhavani M. Thuraisingham}, journal={Computer Standards & Interfaces}, year={2009}, volume={31}, pages={1182-1189} }