Oct 24, 2011
By David French, CERT Senior Researcher

Malware, which is short for “malicious software,” is a growing problem for
government and commercial organizations since it disrupts or denies
important operations, gathers private information without consent, gains
unauthorized access to system resources, and engages in other inappropriate
behaviors. A previous blog post
described the use of “fuzzy hashing” to determine whether two files
suspected of being malware are similar, which helps analysts potentially
save time by identifying opportunities to leverage previous analysis of
malware when confronted with a new attack. This posting continues our
coverage of fuzzy hashing by discussing types of malware against which
similarity measures of any kind (including fuzzy hashing) may be
applied.

Sep 19, 2011
By Sagar Chaki, Senior Member of the Technical Staff, Research, Technology, and System Solutions

Malware, which is short for “malicious software,” consists of programming aimed
at disrupting or denying operation, gathering private information
without consent, gaining unauthorized access to system resources, and
other inappropriate behavior. Malware infestation is of increasing
concern to government and commercial organizations. For example,
according to the Global Threat Report from
Cisco Security Intelligence Operations, there were 287,298 “unique
malware encounters” in June 2011, double the number of incidents that
occurred in March. To help mitigate the threat of malware, researchers
at the SEI are investigating the origin of executable software binaries
that often take the form of malware. This posting augments a previous posting
describing our research on using classification (a form of machine
learning) to detect “provenance similarities” in binaries, which means
that they have been compiled from similar source code (e.g., differing
by only minor revisions) and with similar compilers (e.g., different
versions of Microsoft Visual C++ or different levels of optimization).

Mar 28, 2011
By David French, CERT Senior Researcher

Malware—generically defined as software designed to access a
computer system without the owner’s informed consent—is a growing
problem for government and commercial organizations. In recent years,
research into malware focused on similarity metrics to decide whether
two suspected malicious files are similar to one another. Analysts use
these metrics to determine whether a suspected malicious file bears any
resemblance to already verified malicious files. Using these metrics
allows analysts to potentially save time by identifying opportunities
to leverage previous analysis. This post will describe our efforts to
develop a technique (known as fuzzy hashing) to help analysts determine
whether two pieces of suspected malware are similar.

Mar 21, 2011
By William Casey, CERT Senior Researcher

Malicious software (known as “malware”) is increasingly pervasive with a constant
influx of new, increasingly complex strains that wreak havoc by
exploiting computers or personal and business information stored therein
for malicious or criminal purposes. Examples include code that is
designed to pilfer personal and digital credentials; plunder sensitive
information from government or business enterprises; or interrupt,
misdirect, or render inoperable computer hardware and
computer-controlled equipment. This post describes our work to create a rapid search capability that allows
analysts to quickly analyze a new piece of malware.

Feb 21, 2011
By Douglas C. Schmidt, Chief Technology Officer

In response to a comment on my initial post
introducing the SEI blog, I wanted to provide some additional
information on new and upcoming SEI research initiatives. In this post, I
describe these areas, and include a “sneak preview” of upcoming blog
postings in each area.