I've read about malware that attempts to avoid automated analysis by antivirus programs by waiting to run malicious...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
code until user input (the mouse) is active. Could you provide some info on these malware evasion techniques? Should I be concerned that my antivirus product isn't picking up on such threats?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
As the war against malware continues to evolve, malware developers are increasingly using professional software development methods and continue adding in new evasion techniques to prevent their malware from being detected. Malware writers have included antivirtual machine detection in their tool chests since at least 2006 to prevent researchers from analyzing their malware and developing signatures for detection and prevention. Automated anti-malware tools also use virtual machines for analysis to block the malware. Some malware is now checking for mouse activity to prevent analysis. As an example of why such techniques could be valuable to attackers, malware could check to confirm it can reach the command-and-control infrastructure prior to activation.
Endpoint anti-malware tools do not necessarily need to detect if there is mouse activity while checking for malware, but the researchers at the anti-malware vendors need to be able to analyze the malware to develop signatures or methods to detect the malware. Once a signature or detection method is created, it can be used to prevent malware from potentially executing on the endpoint before checking for mouse activity. If the anti-malware research teams are not picking up on these threats, enterprises should be concerned because that would call the endpoint security tool into question if it can't adapt to detect new attacks. Enterprises may want to investigate alternative anti-malware products or other endpoint security tools (e.g., whitelisting) that could detect or prevent malicious code from running on an endpoint.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Conficker malware was found in a German nuclear power plant computer system. Expert Nick Lewis explains the possible impact of malware infections of ...continue reading
OneSoftPerDay, an adware program can install backdoors on PCs, is able to avoid detection from antimalware tools. Expert Nick Lewis explains how to ...continue reading
The hot-patching feature in Windows servers is vulnerable to attacks from APT groups. Expert Nick Lewis explains what hot patching is and how to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.