Publication

Advanced or not? A comparative study of the use of anti-debugging and anti-VM techniques in generic and targeted malware

Book Contribution - Book Chapter Conference Contribution

Malware is becoming more and more advanced. As part of the sophistication, malware typically deploys various anti-debugging and anti-VM techniques to prevent detection. In this paper, we investigate the use of anti-debugging and anti-VM techniques in modern malware, and compare their presence in 16,246 generic and 1,037 targeted malware samples (APTs). As part of this study we found several counter-intuitive trends. In particular, our study concludes that targeted malware does not use more anti-debugging and anti-VM techniques than generic malware, although targeted malware tends to have a lower antivirus detection rate. Moreover, this paper even identifies a decrease over time of the number of anti-VM techniques used in APTs and the Winwebsec malware family.
Book: ICT Systems Security and Privacy Protection
Pages: 323 - 336
ISBN: 978-3-319-33629-9
Publication year: 2016
BOF-keylabel: yes
IOF-keylabel: yes
Authors from: Higher Education
Accessibility: Open