Malware Defensive Techniques
One of the most important aspects of a piece of malware is its persistence across reboots
and its longevity. To that end, attackers take great defensive measures to protect a
piece of malware from being detected.
Rootkits
The definition of "rootkit" has evolved some, but today it commonly refers to a category
of software that hides itself and other software from system administrators in order to
perform some nefarious task. A good rootkit will provide some form of reboot survivability
and will hide processes, files, registry entries, network connections, and most
importantly, will hide itself.
Gray Hat Hacking: The Ethical Hacker's Handbook
Chapter 20: Collecting Malware and Initial Analysis
Packers
Packers are used to "pack" or compress the Windows PE file format. The most common
packers are
• UPX
• ASPack
• tElock
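A defender triaging a sample usually checks for packing before anything else. The following is an added example (not from the book) of two cheap indicators: section names that UPX and ASPack are commonly reported to emit, and per-section Shannon entropy, which rises toward 8 bits/byte for compressed or encrypted data. The name table and the 7.0 threshold are assumptions for illustration, and the sample PE is constructed in the block so it runs offline.

```python
import math
import struct
# Assumption: illustrative section names for UPX and ASPack only, not an exhaustive table.
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata"}
HIGH_ENTROPY = 7.0  # bits/byte; compressed or encrypted data approaches 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(b) for b in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for each entry in the PE section table."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def packer_indicators(image: bytes) -> list:
    """Reasons the image looks packed (empty list means no indicator fired)."""
    reasons = []
    for name, raw in pe_sections(image):
        if name in PACKER_SECTION_NAMES:
            reasons.append(f"packer section name {name.decode()}")
        ent = shannon_entropy(raw)
        if raw and ent >= HIGH_ENTROPY:
            reasons.append(f"section {name.decode() or '?'} entropy {ent:.2f}")
    return reasons

def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE (no optional header) for offline testing."""
    e_lfanew = 0x40
    hdr = bytearray(b"MZ".ljust(e_lfanew, b"\0"))
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table_end, body = len(hdr) + 40 * len(sections), bytearray()
    for name, raw in sections:
        hdr += name.ljust(8, b"\0") + struct.pack("<IIII", len(raw), 0x1000, len(raw), table_end + len(body)) + b"\0" * 16
        body += raw
    return bytes(hdr + body)
```

Run `packer_indicators(open(path, "rb").read())` on a real sample; an empty list is not proof of an unpacked binary, since custom packers avoid known names and can pad sections to lower entropy.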
Protective Wrappers with Encryption
Some hackers will wrap their binary with encryption using tools like:
• Burneye
• Shiva
VM Detection
As could be expected, as more and more defenders have begun to use VMware to capture
and study malware, many pieces of malware now employ some form of VM (virtual
machine) detection.