I've read about malware that attempts to avoid automated analysis by antivirus programs by waiting to run malicious code until user input (the mouse) is active. Could you provide some info on these malware evasion techniques? Should I be concerned that my antivirus product isn't picking up on such threats?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
As the war against malware continues to evolve, malware developers are increasingly using professional software development methods and continue adding in new evasion techniques to prevent their malware from being detected. Malware writers have included anti-virtual-machine detection in their tool chests since at least 2006 to prevent researchers from analyzing their malware and developing signatures for detection and prevention. Automated anti-malware tools also use virtual machines for analysis to block the malware. Some malware is now checking for mouse activity to prevent analysis. As an example of why such techniques could be valuable to attackers, malware could check to confirm it can reach the command-and-control infrastructure prior to activation.
Endpoint anti-malware tools do not necessarily need to detect if there is mouse activity while checking for malware, but the researchers at the anti-malware vendors need to be able to analyze the malware to develop signatures or methods to detect the malware. Once a signature or detection method is created, it can be used to prevent malware from potentially executing on the endpoint before checking for mouse activity. If the anti-malware research teams are not picking up on these threats, enterprises should be concerned because that would call the endpoint security tool into question if it can't adapt to detect new attacks. Enterprises may want to investigate alternative anti-malware products or other endpoint security tools (e.g., whitelisting) that could detect or prevent malicious code from running on an endpoint.
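One defender-side way to spot the "wait for the mouse" behaviour described above in a sandbox run, as an added example that is not part of this column: the script parses a constructed API-call trace and flags a sample that keeps re-reading an unchanged input state and sleeping before it does anything else. The trace line format, the API names in the two sets and the sample traces are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Trace line format is an assumption: "Api(args) -> return" or "Api(args)".
LINE_RE = re.compile(r"^\s*(?P<api>\w+)\((?P<args>[^)]*)\)(?:\s*->\s*(?P<ret>.+?))?\s*$")
# Assumed Win32 API names a sample might poll to decide whether a user is present
INPUT_APIS = {"GetCursorPos", "GetLastInputInfo", "GetAsyncKeyState"}
TIMER_APIS = {"Sleep", "SleepEx"}

@dataclass
class Verdict:
    polls: int         # consecutive input-state reads before any other behaviour
    stalled_ms: int    # sleep time spent inside that polling loop
    suspicious: bool   # True when the sample appears to gate on user activity

def analyze_trace(trace: str, min_polls: int = 3) -> Verdict:
    """Count unchanged input-state reads (with sleeps) before the sample does anything else."""
    polls, stalled_ms, last_ret = 0, 0, None
    for raw in trace.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # ignore lines that are not API calls
        api, args, ret = m.group("api", "args", "ret")
        if api in INPUT_APIS:
            if last_ret is not None and ret != last_ret:
                break                     # input state changed: sample saw "activity"
            polls, last_ret = polls + 1, ret
        elif api in TIMER_APIS:
            stalled_ms += int(args) if args.isdigit() else 0
        else:
            break                         # first real behaviour ends the gate
    return Verdict(polls, stalled_ms, polls >= min_polls)

# Constructed traces (not output of any real sandbox)
SAMPLE_GATED = """\
GetCursorPos() -> (512, 384)
Sleep(2000)
GetCursorPos() -> (512, 384)
Sleep(2000)
GetCursorPos() -> (512, 384)
Sleep(2000)
GetCursorPos() -> (512, 384)
Sleep(2000)
CreateFileW(C:\\Users\\Public\\payload.tmp)
"""
SAMPLE_INTERACTIVE = """\
GetCursorPos() -> (512, 384)
Sleep(500)
GetCursorPos() -> (530, 390)
CreateFileW(C:\\Users\\Public\\payload.tmp)
"""
```

A sandbox that moves the cursor between polls produces the second shape of trace, which is why simulated user activity is a common countermeasure on the analysis side.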