Entries Tagged as 'Malware '

The Latest Research from the SEI

Insider Threat , Malware No Comments »

By Douglas C. Schmidt
Principal Researcher

Douglas C. SchmidtAs part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in quantifying expert judgment, insider threat, detecting and preventing data exfiltration, and developing a common vocabulary for malware analysts. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

Semantic Comparison of Malware Functions

Binaries , Malware No Comments »

By Sagar Chaki,
Senior Member of the Technical Staff
Research, Technology & System Solutions

Sagar ChakiA malicious program disrupts computer operations, gains access to private computational resources, or collects sensitive information. In February 2012, nearly 300 million malicious programs were detected, according to a report compiled by SECURELIST. To help organizations protect against malware, I and other researchers at the SEI have focused our efforts on trying to determine the origin of the malware. In particular, I’ve recently worked with my colleagues—Arie Gurfinkel, who works with me in the SEI’s Research, Technology, & System Solutions Program, and Cory Cohen, a malware analyst with the CERT Program—to use the semantics of programming languages to determine the origin of malware. This blog post describes our exploratory research to derive precise and timely actionable intelligence to understand and respond to malware.

Read more...

Writing Effective YARA Signatures to Identify Malware

CERT , Malware 3 Comments »

By David French
Senior Malware Researcher
CERT

David FrenchIn previous blog posts, I have written about applying similarity measures to malicious code to identify related files and reduce analysis expense. Another way to observe similarity in malicious code is to leverage analyst insights by identifying files that possess some property in common with a particular file of interest. One way to do this is by using YARA, an open-source project that helps researchers identify and classify malware. YARA has gained enormous popularity in recent years as a way for malware researchers and network defenders to communicate their knowledge about malicious files, from identifiers for specific families to signatures capturing common tools, techniques, and procedures (TTPs). This blog post provides guidelines for using YARA effectively, focusing on selection of objective criteria derived from malware, the type of criteria most useful in identifying related malware (including strings, resources, and functions), and guidelines for creating YARA signatures using these criteria.

Read more...

Modeling Malware with Suffix Trees

CERT , Malware No Comments »

By Will Casey
Senior Researcher
CERT

Will CaseyThrough our work in cyber security, we have amassed millions of pieces of malicious software in a large malware database called the CERT Artifact Catalog. Analyzing this code manually for potential similarities and to identify malware provenance is a painstaking process. This blog post follows up our earlier post to explore how to create effective and efficient tools that analysis can use to identify malware.

Read more...

A Summary of Key SEI R&D Accomplishments in 2011

Acquisition , Agile , Architecture Documentation , Binaries , Cyber-physical Systems , Fuzzy Hashing , Handheld Devices , Malware , Measurement & Analysis , Resilience Management Model (RMM) , Safety-Related Requirements , Security-Related Requirements , Software Cost Estimates , Team Software Process (TSP) , Technical Debt 1 Comment »

By Douglas C. Schmidt
Chief Technology Officer

Douglas C. SchmidtA key mission of the SEI is to advance the practice of software engineering and cyber security through research and technology transition to ensure the development and operation of software-reliant Department of Defense (DoD) systems with predictable and improved quality, schedule, and cost. To achieve this mission, the SEI conducts research and development (R&D) activities involving the DoD, federal agencies, industry, and academia. One of my initial blog postings summarized the new and upcoming R&D activities we had planned for 2011. Now that the year is nearly over, this blog posting presents some of the many R&D accomplishments we completed in 2011.

Read more...