FINAL WORD
The ‘McAfee Labs Threats Report: June 2017’ discloses how malicious techniques have evolved over the last three decades, with hundreds of new threats appearing every minute and an increasing number of security incidents coming to the attention of the public.
McAfee Inc. has released its ‘McAfee Labs Threats Report: June 2017’, which examines the origins and inner workings of the Fareit password stealer, provides a review of the 30-year history of evasion techniques used by malware authors, explains the nature of steganography as an evasion technique, assesses reported attacks across industries and reveals growth trends in malware, ransomware, mobile malware and other threats in the first quarter of 2017.
“There are hundreds, if not thousands, of anti-security,
anti-sandbox and anti-analyst evasion techniques
employed by hackers and malware authors and many of
them can be purchased off the shelf from the Dark Web,”
said Vincent Weafer, Vice President of McAfee Labs.
“This quarter’s report reminds us that evasion has
evolved from trying to hide simple threats executing on
a single box, to the hiding of complex threats targeting
enterprise environments over an extended period of time,
to entirely new paradigms, such as evasion techniques
designed for machine learning based protection.”
30 years of malware evasion techniques
Malware developers began experimenting with ways to evade security products in the 1980s, when a piece of malware defended itself by partially encrypting its own code, making the content unreadable by security analysts. The term ‘evasion technique’ groups all the methods used by malware to avoid detection, analysis and understanding. McAfee Labs classifies evasion techniques into three broad categories:
• Anti-security techniques: Used to avoid detection by antimalware engines, firewalls, application containment, or other tools that protect the environment.
• Anti-sandbox techniques: Used to detect automatic analysis and avoid engines that report on the behaviour of malware. Detecting registry keys, files, or processes related to virtual environments lets malware know if it is running in a sandbox.
• Anti-analyst techniques: Used to detect and fool malware analysts, for example, by spotting monitoring tools such as Process Explorer or Wireshark, as well as some process-monitoring tricks, packers, or obfuscation to avoid reverse engineering.
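The anti-sandbox and anti-analyst categories above have a detection-side corollary: the probes a sample makes (registry and file lookups for virtualisation artefacts, process enumeration looking for analysis tools) are themselves visible in a sandbox's behaviour log, and a sample that probes and then exits without doing anything else is the classic evasion shape. The script below is an added example written for this page, not code from McAfee Labs or the report. It reads a constructed behaviour log (the `pid|api|argument` format, the sample lines, and the keyword lists are assumptions a defender would replace with their own sandbox's output and indicator set) and tags each process with the categories of probe it exhibits.

```python
"""Flag anti-sandbox / anti-analyst probes in a sandbox behaviour log (added example)."""
from collections import defaultdict

# Constructed sample log, one API event per line as "pid|api|argument". Not real data.
SAMPLE_LOG = """\
1234|RegOpenKeyExW|HKLM\\SOFTWARE\\ExampleVendor\\Office
1234|RegOpenKeyExW|HKLM\\SYSTEM\\CurrentControlSet\\Services\\vmware-tools
1234|CreateFileW|C:\\Windows\\System32\\drivers\\vboxguest.sys
1234|Process32NextW|explorer.exe
1234|Process32NextW|procexp.exe
1234|Process32NextW|wireshark.exe
1234|ExitProcess|0
5678|RegOpenKeyExW|HKLM\\SOFTWARE\\ExampleVendor\\Office
5678|CreateFileW|C:\\Users\\user\\Documents\\report.docx
5678|ExitProcess|0
"""

# Indicator lists: a constructed starting set that a defender tunes to their own environment.
VM_KEYWORDS = ("vmware", "vbox", "virtualbox", "qemu", "xen")
ANALYST_TOOLS = ("procexp.exe", "wireshark.exe")  # Process Explorer and Wireshark
LOOKUP_APIS = ("RegOpenKeyExW", "RegQueryValueExW", "CreateFileW", "GetFileAttributesW")


def parse_log(text):
    """Parse 'pid|api|argument' lines into (pid, api, argument) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, arg = line.split("|", 2)
        events.append((int(pid), api, arg))
    return events


def classify(events):
    """Return {pid: {"tags": [...], "probes": [(category, argument), ...]}}."""
    by_pid = defaultdict(list)
    for pid, api, arg in events:
        by_pid[pid].append((api, arg))

    findings = {}
    for pid, evs in by_pid.items():
        probes = []  # (category, event index, argument)
        for i, (api, arg) in enumerate(evs):
            low = arg.lower()
            # Registry/file lookups naming a hypervisor: anti-sandbox environment check.
            if api in LOOKUP_APIS and any(k in low for k in VM_KEYWORDS):
                probes.append(("anti-sandbox", i, arg))
            # Process enumeration that touches a known analysis tool: anti-analyst check.
            elif api == "Process32NextW" and low in ANALYST_TOOLS:
                probes.append(("anti-analyst", i, arg))

        tags = sorted({category for category, _, _ in probes})
        if probes:
            # Nothing but ExitProcess after the last probe: the sample bailed out on detection.
            last_probe = max(i for _, i, _ in probes)
            remainder = [api for api, _ in evs[last_probe + 1:]]
            if remainder == ["ExitProcess"]:
                tags.append("exit-after-probe")
        findings[pid] = {"tags": tags, "probes": [(c, a) for c, _, a in probes]}
    return findings


if __name__ == "__main__":
    for pid, result in classify(parse_log(SAMPLE_LOG)).items():
        print(pid, result["tags"] or ["no evasion probes seen"])
        for category, arg in result["probes"]:
            print("   ", category, "->", arg)
```

Process 1234 comes out tagged `anti-analyst`, `anti-sandbox` and `exit-after-probe`, while 5678 gets no tags. The `exit-after-probe` heuristic is the useful part for triage: a probe on its own can be benign (installers check for hypervisors too), but a probe followed immediately by exit is a strong hint that the sandbox itself was detected and the run should be repeated in a better-disguised environment.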
INTELLIGENTCIO
89