Many websites use JavaScript to display dynamic and interactive content. Hence, attackers are developing JavaScript–based malware. In this paper, we focus on Transcriptase JavaScript malware.
The high–level and dynamic nature of the JavaScript language helps malware writers to create polymorphic and metamorphic malware using obfuscation techniques. These types of malware change their internal structure on each infection, making them difficult to detect with traditional methods. These types of malware can be detected using machine learning methods.
This project creates Transcriptase–Light, a new polymorphic construction kit. We perform an experiment with the Transcriptase–Light against a hidden Markov model. Our experiment shows that the HMM based detector failed in detecting Transcriptase–Light. After observing the results, we try to detect malware using the decryption part of Transcriptase–Light. To avoid detection, we generate the polymorphic version of the decryption part