Ask the Expert

Can regional banking Trojans hide from signature-based antivirus?

I've read that region-focused banking Trojans are less likely to be discovered by antimalware programs. Why is that?


Region-focused malware exploits one of the most significant limitations of traditional signature-based antimalware software, and these banking Trojans, or customized malware, are just one type of malware that exploits it. The limitation is that malware traditionally must be analyzed and a signature created before detection can take place. Customized malware has traditionally been the most difficult to detect, either because its signature constantly changes as it is retargeted at specific regions or specific banks, or because malware that covers only a small number of websites is not reported to antimalware vendors at all. Targeting a new bank may not fundamentally alter the malware if the malware is modular, but a new type of attack or another significant change to the malware can affect how easily signature-based antivirus detects it.

This limitation in detecting new, customized or targeted malware may be changing, though, as antimalware software includes more behavioral-detection capabilities in its core functionality. Antimalware has included heuristic functionality for many years, but the recent advancements in behavioral detection are a significant improvement over heuristic detection. Behavioral detections can be more generic than traditional signatures because the antimalware software can find malicious behavior -- such as programs accessing saved passwords or sending passwords to an external website -- and then potentially block it, or flag the file(s) the malware uses to access passwords as malicious and quarantine them.
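The contrast described above, as an added sketch that is not from the original article or from any antimalware product: a hash signature catches only the build that was already reported, while a rule keyed on the behavior (reading a saved-password store, then sending to an unexpected host) also catches the unreported regional rebuild. The event format, process names, hashes, paths, hosts and allowlists are all constructed assumptions.

```python
# Constructed telemetry, one tuple per event: (pid, image, file_hash, action, target).
# Every process name, hash, path and host here is made up for illustration.
STORE = r"C:\Users\u\AppData\Local\Browser\User Data\Default\Login Data"
EVENTS = [
    (101, "browser.exe", "aa11", "file_read", STORE),
    (101, "browser.exe", "aa11", "net_send", "bank.example"),
    (202, "updater.exe", "bb22", "file_read", STORE),      # widely reported build
    (202, "updater.exe", "bb22", "net_send", "drop.example"),
    (303, "invoice.exe", "cc33", "file_read", STORE),      # regional rebuild, new hash
    (303, "invoice.exe", "cc33", "net_send", "drop-region.example"),
    (404, "backup.exe", "dd44", "file_read", STORE),       # reads the store, sends nothing
    (505, "sync.exe", "ee55", "net_send", "cdn.example"),  # sends, never read the store
]

KNOWN_BAD_HASHES = {"bb22"}                       # only the reported build has a signature
CREDENTIAL_STORE_MARKERS = ("login data", "logins.json")  # assumed saved-password files
STORE_OWNERS = {"browser.exe"}                    # processes expected to read the store
TRUSTED_HOSTS = {"bank.example"}                  # assumed allowlist


def signature_hits(events, known_bad=KNOWN_BAD_HASHES):
    """Traditional detection: flag a process only if its file hash is already known."""
    return {pid for pid, _img, digest, _act, _tgt in events if digest in known_bad}


def behavior_hits(events):
    """Flag any non-owner process that reads a credential store and later sends
    data to a host outside the allowlist, whatever its file hash is."""
    touched_store, flagged = set(), set()
    for pid, image, _digest, action, target in events:   # events are in time order
        if image.lower() in STORE_OWNERS:
            continue
        if action == "file_read" and any(m in target.lower() for m in CREDENTIAL_STORE_MARKERS):
            touched_store.add(pid)
        elif action == "net_send" and pid in touched_store and target not in TRUSTED_HOSTS:
            flagged.add(pid)
    return flagged


if __name__ == "__main__":
    print("signature:", sorted(signature_hits(EVENTS)))
    print("behavior: ", sorted(behavior_hits(EVENTS)))
```

The rule only correlates a store read with a later send from the same process; a real product would also have to handle child processes and injected code, which this sketch does not model.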

This was first published in July 2010
