. Malware Authors Employ Variety to Evade Security Detection - MajorGeeks

MajorGeeks.com - Helping you void your warranty since 2002.

All In One Tweaks

Antivirus & Malware

Drives (SSD, HDD, USB)

Graphics & Photos

MajorGeeks Windows Tweaks

Office & Productivity

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds

· News Blur
· Yahoo
· Symbaloo

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us

· Copyright
· Privacy
· Terms of Service
· How to Uninstall

1. Smart Defrag

2. Macrium Reflect FREE Edition

3. Visual C++ Redistributable Runtimes AIO Repack

4. K-Lite Mega Codec Pack

5. Visual C++ Runtime Installer (All-In-One)

6. Sergei Strelec's WinPE

7. McAfee Removal Tool (MCPR)

8. MusicBee Portable

9. Microsoft Visual C++ 2015-2022 Redistributable Package

How to Create a Desktop Shortcut

What is a WebP Image?

How to Manage Virtual Memory (Pagefile) in Windows 10 /11

Enable, Disable, Manage, Delete or Create a System Restore Point

Backing Up Your Data Effectively: A Geek's Guide

How to Properly Use Microsoft System File Checker in Windows 11 and 10

Show Your Support for MajorGeeks a Donation

Resolving Strange PC Errors: The Role of RAM in System Performance

How to Fix Critical Process Died in Windows 10/11

Every Known Windows Terminal, Command Prompt and PowerShell Command

Malware Authors Employ Variety to Evade Security Detection

Posted by: Timothy Tibbetts on 09/02/2013 07:52 AM [ Comments ]

In Arvind Gowda's blog at McAfeee he discussed procedure prologue and procedure epilogue techniques to evade security systems. They now have come across one more set of fake-alert samples that use a different technique to evade detection.

This technique is related to the dynamic loading of a library at runtime.

Dynamic Loading

Dynamic loading is a mechanism by which a program loads a library into memory at runtime so that the addresses of the functions and variables contained in the library can be executed or accessed. Dynamic loading is done using an API LoadLibrary, which takes a string argument (the name of the library to be loaded).

The following screenshot is a typical LoadLibrary code with argument.

Malware authors are always searching for new techniques to evade detection, but eventually their techniques are discovered and blocked by security researchers. McAfee detects all the variants that use these techniques.

Comments

comments powered by Disqus

© 2000-2024 MajorGeeks.com

Powered by Contentteller® Business Edition