7 research outputs found

    Transcriptase–Light: A Polymorphic Virus Construction Kit

    Many websites use JavaScript to display dynamic and interactive content. Hence, attackers are developing JavaScript–based malware. In this paper, we focus on Transcriptase JavaScript malware. The high–level and dynamic nature of the JavaScript language helps malware writers to create polymorphic and metamorphic malware using obfuscation techniques. These types of malware change their internal structure on each infection, making them difficult to detect with traditional methods. These types of malware can be detected using machine learning methods. This project creates Transcriptase–Light, a new polymorphic construction kit. We perform an experiment with the Transcriptase–Light against a hidden Markov model. Our experiment shows that the HMM based detector failed in detecting Transcriptase–Light. After observing the results, we try to detect malware using the decryption part of Transcriptase–Light. To avoid detection, we generate the polymorphic version of the decryption part

    FIREFOX ADD-ON FOR METAMORPHIC JAVASCRIPT MALWARE DETECTION

    With the increasing use of the Internet, malicious software has more frequently been designed to take control of users' computers for illicit purposes. Cybercriminals are putting a lot of effort into making malware difficult to detect. In this study, we demonstrate how metamorphic JavaScript malware can affect a victim’s machine using a malicious or compromised Firefox add-on. Following the same methodology, we develop another add-on with a static malware detection technique to detect metamorphic JavaScript malware

    Assessing Code Obfuscation of Metamorphic JavaScript

    Metamorphic malware is one of the biggest and most ubiquitous threats in the digital world. It can be used to morph the structure of the target code without changing the underlying functionality of the code, thus making it very difficult to detect using signature-based detection and heuristic analysis. The focus of this project is to analyze Metamorphic JavaScript malware and techniques that can be used to mutate the code in JavaScript. To assess the capabilities of the metamorphic engine, we performed experiments to visualize the degree of code morphing. Further, this project discusses potential methods that have been used to detect metamorphic malware and their potential limitations. Based on the experiments performed, SVM has shown promise when it comes to detecting and classifying metamorphic code with a high accuracy. An accuracy of 86% is observed when classifying benign, malware and metamorphic files

    Hunting For Metamorphic JavaScript Malware

    The Internet plays a major role in the propagation of malware. A recent trend is the infection of machines through web pages, often due to malicious code inserted in JavaScript. From the malware writer’s perspective, one potential advantage of JavaScript is that powerful code obfuscation techniques can be applied to evade detection. In this research, we analyze metamorphic JavaScript malware. We compare the effectiveness of several static detection strategies and we quantify the degree of morphing required to defeat each of these techniques

    Malware Analysis on PDF

    Cyber-attacks are growing day by day and attackers are finding new techniques to cause harm to their targets by spreading worms and malware. In a world of innovations and new technologies coming out every day, this creates the possibility of attacking a system and exploiting the vulnerabilities present in it. One of the methods used for the spread of malware is Portable Document Format (PDF) files. Due to the flexible nature of these files, they are becoming a sweet spot for attackers to embed malware easily into PDF files. In this report, we are going to understand the flexibility provided by PDF development and why bad actors find it easy to embed viruses or malware into PDF files. We will then look at how we can develop methods and techniques using a Python script to identify the malicious files and stop them from harming the systems in your network

    JavaScript Metamorphic Malware Detection Using Machine Learning Techniques

    Various factors like defects in the operating system, email attachments from unknown sources, downloading and installing a software from non-trusted sites make computers vulnerable to malware attacks. Current antivirus techniques lack the ability to detect metamorphic viruses, which vary the internal structure of the original malware code across various versions, but still have the exact same behavior throughout. Antivirus software typically relies on signature detection for identifying a virus, but code morphing evades signature detection quite effectively. JavaScript is used to generate metamorphic malware by changing the code’s Abstract Syntax Tree without changing the actual functionality, making it very difficult to detect by antivirus software. As JavaScript is prevalent almost everywhere, it becomes an ideal candidate language for spreading malware. This research aims to detect metamorphic malware using various machine learning models like K Nearest Neighbors, Random Forest, Support Vector Machine, and Naïve Bayes. It also aims to test the effectiveness of various morphing techniques that can be used to reduce the accuracy of the classification model. Thus, this involves improvement on both fronts of generation and detection of the malware helping antivirus software detect morphed codes with better accuracy. In this research, JavaScript based metamorphic engine reduces the accuracy of a trained malware detector. While N-gram frequency based feature vectors give good accuracy results for classifying metamorphic malware, HMM feature vectors provide the best results

    MATERIALS of the ІІІ International Scientific and Practical Internet Conference “The development of modern science and education: realities, problems of quality, innovations”

    The proceedings of the III International Scientific and Practical Internet Conference “The development of modern science and education: realities, problems of quality, innovations” contain the results of research by scientists, research staff, lecturers, students at various levels of higher education, and school teachers on current problems of the humanities, the natural and mathematical sciences, and the technical sciences. Conference topics: current issues and problems of the physical and mathematical sciences; innovations and patterns in the development of the technical sciences; promising directions of scientific research in biosystems agricultural engineering, agrotechnologies and agroecology; the state, paths and prospects of the development of physics and mathematics education under modern challenges and globalization changes; the use of innovative technologies in the educational process as a component of the system for ensuring the quality of higher education. Participants in the conference: Dmytro Motornyi Tavria State Agrotechnological University; V. Ye. Lashkaryov Institute of Semiconductor Physics of the NAS of Ukraine; Technical University of Dortmund (Germany); CJSC “National Nuclear Research Center” of the Ministry of Transport, Communications and High Technologies of the Republic of Azerbaijan (Republic of Azerbaijan); Institute of Ion-Plasma and Laser Technologies of the Academy of Sciences of the Republic of Uzbekistan (Republic of Uzbekistan); Marijampolė College (Lithuania)