
How Does Anti-malware Software Work?

Did you know that new malicious software (malware) is created every second? Much of it is also growing more sophisticated as technology advances, threatening not only corporations but also government agencies. For instance, the recent attack on South Korea compromised local banks and critical networks, and the New York Times data breach disclosed in January 2013 exposed thousands of confidential employee records. To prepare your company for these kinds of threats, it is critical to understand how anti-malware software really works. Here are seven techniques that explain it:

Size Comparison

One of the most basic ways to decide whether a file is suspicious is to look at its size. Classic file-infecting viruses append their code to the end of the executables they infect, so an infected file is larger than the clean original. Anti-malware software records the size of known-good files and compares them at scan time; a file that has grown without a recorded, legitimate modification (such as a software update) is treated as suspect. Size alone is a weak signal, because malware can overwrite existing bytes or hide in unused regions of a file without changing its length, so scanners pair it with the hashing method described below.

Blacklisting

When anti-malware software detects a bad file, it records an identifier for that malware (typically a hash of the file, or a signature extracted from it) in a database, so that the next time the same file tries to enter the network it is blocked automatically. Public sources such as Trend Micro's Threat Encyclopedia and the Open Source Security Foundation publish details and statistics about known threats.

Whitelisting

As opposed to blacklisting, whitelisting records the known-good files and prevents any program not on the list from running on the system being protected. Because only a fixed set of approved programs has to be checked, it protects computers and networks from harmful applications while using fewer resources. Attackers try to defeat this method by disguising a malicious file as an approved one, which is why a whitelist should be keyed on a cryptographic hash of the file contents rather than on the file's name or location.
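The difference in default posture between the two lists, and why a whitelist must be keyed on content rather than name, is easier to see in code. The following is an added example written for this article, not code from any product; the file contents, names and list entries are constructed for the demonstration.

```python
import hashlib

# Constructed sample "files": these byte strings stand in for real executables.
APPROVED_UPDATER = b"MZ\x90\x00legitimate vendor updater v1.2"
IMPOSTER = b"MZ\x90\x00drops a payload but is named like the updater"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Whitelist keyed on the hash of the file contents (the right way) ...
HASH_ALLOWLIST = {sha256(APPROVED_UPDATER)}
# ... versus a weaker whitelist keyed only on the file name (assumed entry).
NAME_ALLOWLIST = {"updater.exe"}
# Blacklist of hashes of files previously found to be malicious (assumed entry).
HASH_BLOCKLIST = {sha256(b"known bad sample")}


def decide_by_name(name: str) -> str:
    """Name-keyed whitelist: anything called updater.exe is allowed."""
    return "allow" if name in NAME_ALLOWLIST else "deny"


def decide_by_hash(data: bytes, mode: str) -> str:
    """Content-keyed decision.

    mode="allowlist": unknown files are denied (default deny).
    mode="blocklist": unknown files are allowed (default allow).
    """
    digest = sha256(data)
    if digest in HASH_BLOCKLIST:
        return "deny"
    if mode == "allowlist":
        return "allow" if digest in HASH_ALLOWLIST else "deny"
    if mode == "blocklist":
        return "allow"
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    # The imposter passes a name-based whitelist and a hash blacklist,
    # but not a hash-based whitelist.
    print("by name:       ", decide_by_name("updater.exe"))
    print("hash allowlist:", decide_by_hash(IMPOSTER, "allowlist"))
    print("hash blocklist:", decide_by_hash(IMPOSTER, "blocklist"))
```

The imposter is allowed by the name-keyed list and by the blocklist (its hash has never been seen before), and denied only by the hash-keyed whitelist. That is the trade-off the two sections describe: a blacklist catches only what is already known, while a whitelist blocks everything unknown, at the cost of maintaining the list whenever legitimate software changes.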

Pattern Matching

Every piece of malware contains recognizable byte sequences, its "signature". A signature can take different forms. It can be a group of machine instructions that overwrites a saved return address on the stack so that execution jumps to the attacker's code while posing as legitimate code. It can also be a series of commands that triggers a fault in a common application or office suite. Whatever form the signature takes, most malware exploits a vulnerability in the target operating system or web application to run its payload and issue destructive system-level commands. To find such malware on your network, antivirus software matches files against a comprehensive database of known exploit patterns, malware signatures and vulnerabilities. Microsoft releases security patches on a monthly schedule (the second Tuesday of each month), and security companies use these releases to update their detections.
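A minimal signature scanner shows how pattern matching works in practice. This is an added example written for this article, not the code of any antivirus product. Signatures are written as hex byte strings with `??` as a one-byte wildcard (the convention many engines use); the "jump pad" signature and the sample buffer are constructed for the demonstration, and the first signature is the well-known EICAR test string.

```python
import re

# The EICAR anti-virus test file (a harmless, standardised test string).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Signature database: name -> hex pattern, "??" matches any single byte.
# The second entry is constructed: a 5-byte relative JMP (E9 rel32) with a
# wildcarded target, followed by two NOPs and an INT3.
SIGNATURES = {
    "EICAR-Test-File": EICAR[:27].hex(),
    "Suspicious.JumpPad": "e9 ?? ?? ?? ?? 90 90 cc",
}


def compile_signature(hexsig: str) -> re.Pattern:
    """Turn a hex signature with ?? wildcards into a bytes regex."""
    tokens = hexsig.replace(" ", "").lower()
    if len(tokens) % 2:
        raise ValueError("signature must have an even number of hex digits")
    parts = []
    for i in range(0, len(tokens), 2):
        tok = tokens[i:i + 2]
        if tok == "??":
            parts.append(b".")                     # one-byte wildcard
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    # DOTALL so the wildcard also matches 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(sig) for name, sig in SIGNATURES.items()}


def scan(data: bytes) -> list:
    """Return [(signature name, offset), ...] for every match, by offset."""
    hits = []
    for name, pattern in COMPILED.items():
        for m in pattern.finditer(data):
            hits.append((name, m.start()))
    return sorted(hits, key=lambda hit: hit[1])


# Constructed sample buffer: padding, the EICAR string, more padding, then a
# jump pad whose rel32 target (0x10) is covered by the wildcards.
SAMPLE = (b"\x00" * 16
          + EICAR
          + b"\x00" * 8
          + b"\xe9\x10\x00\x00\x00\x90\x90\xcc"
          + b"\x00" * 4)


def demo() -> list:
    return scan(SAMPLE)


if __name__ == "__main__":
    for name, offset in demo():
        print(f"{name} at offset {offset}")
```

Real engines add a lot on top of this (unpacking, hashing of sections, emulation), but the core idea is the same: a byte pattern anchored on the part of the malware that does not change between copies. The wildcards are what keep a signature useful when only the jump target or an embedded constant differs from sample to sample.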

Injection Detection

Malware writers sometimes inject code into existing programs and web applications. A common vector is a software update that is not legitimate but looks as if it is; when an unsuspecting user applies it, they unknowingly install a malicious program. Such attacks typically place the injected code in unused ("dead") regions of a document or executable and insert a jump, or redirect the program's entry point, so that the malicious code runs before the original. Scanners look for exactly that: an entry point or jump that leads outside the file's normal code region, or code sitting where a clean copy of the file has only padding.

Hashing Method

Some anti-malware solutions fingerprint files rather than merely comparing sizes. A cryptographic hash (for example SHA-256) is computed over every byte of a file and stored for every file on the system. On a later scan the hashes are recomputed and compared with the stored values, so even a single-byte change anywhere in a file is detected, including changes that leave the file size unchanged and would slip past a size comparison.
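The size comparison and hashing sections above describe the two halves of one mechanism, an integrity baseline, so here is one added example that does both: it records size and SHA-256 for every file under a directory, rescans later, and separates files that grew (appended code, which the size check alone catches) from files that changed without growing (a patched or "cavity" infection, which only the hash catches). This is example code written for this article, not any vendor's implementation; the directory tree, file contents and tampering steps in `demo()` are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile


def fingerprint(path: str) -> tuple:
    """Return (size, sha256 hex digest) for one file, hashing in chunks."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def build_baseline(root: str) -> dict:
    """Map relative path -> (size, sha256) for every file under root."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = fingerprint(full)
    return baseline


def compare(baseline: dict, root: str) -> dict:
    """Rescan root and classify every difference from the baseline."""
    current = build_baseline(root)
    report = {"grown": [], "modified": [], "added": [], "missing": []}
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            report["missing"].append(rel)
            continue
        cur_size, cur_digest = current[rel]
        if cur_size > size:
            report["grown"].append(rel)        # caught by the size check
        elif cur_digest != digest:
            report["modified"].append(rel)     # same size: only the hash sees it
    report["added"] = [rel for rel in current if rel not in baseline]
    for key in report:
        report[key].sort()
    return report


def _write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Constructed scenario: baseline three files, then tamper with them."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "bin/app": b"\x7fELF" + b"A" * 60,   # stand-in for a binary
            "bin/tool": b"MZ" + b"B" * 30,       # stand-in for another binary
            "etc/cfg": b"key=value\n",
        }
        for rel, data in files.items():
            _write(root, rel, data)
        baseline = build_baseline(root)

        # 1. Appending infector: code glued onto the end of bin/app.
        _write(root, "bin/app", files["bin/app"] + b"\xe9\x10\x00\x00\x00payload")
        # 2. Cavity patch: bytes overwritten in place, size unchanged.
        _write(root, "bin/tool", b"MZ" + b"C" * 30)
        # 3. A dropped file and a deleted config.
        _write(root, "bin/dropper", b"new and unexpected")
        os.remove(os.path.join(root, "etc", "cfg"))

        return compare(baseline, root)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

Two practical points follow from this design. The baseline itself is a target: if malware can rewrite the stored hashes it can hide any change, so real products keep the baseline signed or off the protected host. And the hash must be a collision-resistant one such as SHA-256; size plus a weak checksum can be matched by an attacker who controls the file contents.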

Advanced Persistent Threats (APTs) Detection

There is a newer category of threat facing enterprises today: targeted attacks, or advanced persistent threats (APTs). These are more sophisticated than the threats traditional anti-malware was built to stop. Targeted attacks aggressively pursue and compromise specific organizations in order to control their computer systems for a prolonged period. They are "advanced" because only technically adept attackers can carry them out, after comprehensive, in-depth research on the target. They are "persistent" because they are conducted in phases, using multiple vectors in repeated attempts. An APT campaign's goal is loftier than infecting a network: it seeks lasting system access to steal mission-critical data or actual money. Because such campaigns are built to evade known signatures, they are usually detected through a custom defense based on intelligence gathered from the local network, such as unusual outbound connections or access patterns that do not fit the organization's normal behaviour.

Author Bio:- The article was prepared by Nancy in collaboration with Rincentral VOIP Services. This mother and freelance writer would love to connect with you through your comments.

1 comment
  • MK Sam

    July 4, 2013, 9:53 pm

    I think malware protection is more important nowadays because every second, software gets some type of it. Thanks for writing an awesome article, loved reading your articles today.

