NDLI: A case for malware that make antivirus irrelevant

Content Provider	IEEE Xplore Digital Library
Author	Thamsirarak, N. Seethongchuen, T. Ratanaworabhan, P.
Copyright Year	2015
Description	Author affiliation: Comput. Eng. Dept., Kasetsart Univ., Bangkok, Thailand (Thamsirarak, N.; Seethongchuen, T.; Ratanaworabhan, P.)
Abstract	Most security researchers realize that the effectiveness of antivirus software (AV) is questionable at best. However, people in the general public still use it daily, perhaps for a lack of better alternatives. It is well-known that signature-based detection technique used in almost all commercial and non-commercial AV cannot be completely effective against zero-day malware. Many evaluations conducted by renowned security firms confirm this. These evaluations often employ sophisticated malware, involve elaborated scheme, and require more resources than what is available to an average person to replicate. This paper investigates the creation of simple zero-day malware that can comprehensively exploit hosts and protractedly evade the installed AV products. What we discovered is alarming, but illuminating. Our malware, written in a high-level language using well-documented APIs, are able to bypass AV detection and launch full-fledged exploits similar to sophisticated malware. In addition, they are able to stay undetected for much longer than other previously reported zero-day malware. We attribute such success to the unreadiness of AV products against malware in intermediate language form. On a positive note, a firewall-like AV product that, to a certain extent, incorporates behavioral-based detection is able to warn against our malware.
Starting Page	1
Ending Page	6
File Size	198036
Page Count	6
File Format	PDF
e-ISBN	9781479979615
DOI	10.1109/ECTICon.2015.7206972
Language	English
Publisher	Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher Date	2015-06-24
Publisher Place	Thailand
Access Restriction	Subscribed
Rights Holder	Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subject Keyword	Uniform resource locators Antivirus software evaluation zero-day exploits Malware Software Floods signature-based detection Viruses (medical) Testing
Content Type	Text
Resource Type	Article

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in