Security Researchers Need to Find New Ways To Categorize Malware Strains

As the malware threat grows larger over time, it is evident traditional strategies may not be successful in the long run. Security researchers feel it is time to change the way malware is cataloged. With major advancements made by malware developers, it is evident something will need to change. A family tree of malicious software, for example, would be a good starting point.

Thinking Differently About Malware Than Before

Over the past few years, it has become evident there is a lot more to malware than meets the eye. Every new strain has some unique qualities that need to be cataloged as such. These threats have been around for as long as people can remember, yet only surged in popularity. It is of the utmost importance to understand why this is the case and how the problem can be addressed.

A lot of malware is “packed” into existing binaries. To be more precise, a legitimate software can be laden with malware and distributed by a criminal with relative ease. It doesn’t even take a degree in IT to do so, as everything can be done through command line interfaces. It is not difficult to see why this method is so appealing to criminals right now, as our society has become more reliant on software than ever before.

Additionally, the classification of malware types may need some rethinking as well. Malware has become easy to use and distribute and allows for criminals to hide their identity with relative ease. Every new malware source code will unavoidably spawn new “children” using large parts of this code with some added features on top. A lot of these new strains may appear to be zero-days, but they are – in most cases – abusing well-known vulnerabilities.

At the same time, identifying different malware families remains important. Finding the ones responsible for a specific malware strain has proven to be virtually impossible, despite a trail of digital breadcrumbs to follow. With so many “unique” malware types in existence, it becomes more difficult to find patterns. It is this type of cataloging that needs to change, as the current “system” plays into the hands of those responsible for distributing malicious software.

Most engineers tend to overlook the fact existing malware families are all polymorphic. Morphing the file hash by introducing a minor change to the source code does not make this new “variant” unique by any means. Common capabilities and sections of identical code should be cataloged, rather than creating a seemingly random list of malicious software. Finding the common ground between different malware types will allow engineers and experts to come up with solutions a lot faster.

Creating a new algorithm to identify similar types of malware is one way to solve this problem. It is possible artificial intelligence will play a big role in the process, although that remains to be seen for now. Labeling malware families which are “functionality similar” should be the top priority for all security companies moving forward. Criminals are innovating and stepping up their game, and security researchers need to do the same.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.