Malware Obfuscation Techniques: the Code Prevention
Every organization should have a DoS attack response plan in place before an intrusion occurs, in order to minimize the loss. An organization also needs to monitor its remote services so that it is notified when its site is slow or down. Binary Canary is one such service; it can be self-hosted on Amazon Web Services. Binary Canary tracks various network input and output metrics and signals performance degradation under a DoS attack. If the website is hacked, we can still check the server logs from a different source, provided we have set up an external logging service.
When a DoS attack occurs, the organization has to spend a lot of money and resources to recover from it. It also damages the organization's reputation and goodwill. To avoid this, organizations should make sure they have all security plans and procedures in place, and they should train their employees accordingly.
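The slow-or-down monitoring described above can be done with a hosted service or with a short script of your own. The following Python is an added example and is not code from the article or from Binary Canary: it probes a URL, classifies each response as ok, slow or down, and raises an alert only after several consecutive bad probes so that a single slow reply does not page anyone. The URL, the 2-second slow threshold and the three-probe window are placeholders chosen for this example.

```python
import time
import urllib.error
import urllib.request
from collections import deque

# Assumed thresholds for this example (not values from the article).
SLOW_THRESHOLD_S = 2.0   # a response slower than this is "slow"
CONSECUTIVE_BAD = 3      # alert only after this many non-ok probes in a row


def probe(url, timeout=5.0):
    """Fetch url once and return (http_status_or_None, latency_seconds).
    A status of None means no HTTP answer at all (refused, DNS, timeout)."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as exc:
        status = exc.code            # server answered with an error status
    except (urllib.error.URLError, OSError):
        status = None
    return status, time.monotonic() - start


def classify(status, latency_s, slow_threshold=SLOW_THRESHOLD_S):
    """Reduce one probe to a verdict: 'down', 'slow' or 'ok'."""
    if status is None or status >= 500:
        return "down"
    if latency_s > slow_threshold:
        return "slow"
    return "ok"


class Monitor:
    """Track the last `window` verdicts. Emit 'ALERT' once when every
    verdict in the window is bad, and 'RECOVERED' once when an ok probe
    breaks the bad streak. Return None when nothing changes."""

    def __init__(self, window=CONSECUTIVE_BAD):
        self.recent = deque(maxlen=window)
        self.window = window
        self.alerted = False

    def record(self, verdict):
        self.recent.append(verdict)
        streak = len(self.recent) == self.window and all(
            v != "ok" for v in self.recent)
        if streak and not self.alerted:
            self.alerted = True
            return "ALERT"
        if not streak and self.alerted:
            self.alerted = False
            return "RECOVERED"
        return None


def replay(verdicts, window=CONSECUTIVE_BAD):
    """Feed a sequence of verdicts through a Monitor and return the
    (index, event) pairs it produced; lets the alert logic be checked
    offline on constructed data."""
    mon = Monitor(window)
    events = []
    for i, v in enumerate(verdicts):
        ev = mon.record(v)
        if ev:
            events.append((i, ev))
    return events


if __name__ == "__main__":
    # Placeholder target; replace with the site to watch.
    URL = "https://example.invalid/"
    mon = Monitor()
    for _ in range(5):
        status, latency = probe(URL)
        verdict = classify(status, latency)
        event = mon.record(verdict)
        print(f"{verdict:5} status={status} latency={latency:.3f}s"
              + (f"  {event}" if event else ""))
        time.sleep(1.0)
```

Run it from a host outside the network being watched, and send the ALERT and RECOVERED events to the same external logging service mentioned above, so the record survives even if the monitored server itself is taken down.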
Below are some of the techniques malware developers use to disguise their code.
Using Core Count to Detect a Sandbox: To identify a sandbox with some degree of accuracy, malware or anti-virus software will try to exploit discrepancies in the hardware, mainly in the CPU. Vendors should hide the configuration of their sandbox, to make discovery more difficult and to fool the anti-virus or malware into believing it is running on a real host.
Detecting Lack of User Input: If mouse activity and keyboard usage are low, this helps the malware. Hence we should make sure that user input is generated regularly.
Eliminating Symbolic Information: We have to use programming languages like C, C++ and Java to release the builds. We use these languages because they use byte codes to eliminate the addresses. All of these can be replaced by using strings in the programming language. Hence programmers write a program to communicate with another computer instead of communicating directly by using names and addresses.
Encrypting the Code: Encrypting the code is used to avoid static analysis once the program is compiled. The program contains decryption code that is executed at run time. Once the code is implemented, the programmer has to let the code decrypt itself. This gives malware the opportunity to use the decryption to hide its actual intention from the programmer.
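From the detection side, the encrypted body still has to exist in the compiled file as a block of high-entropy bytes before it decrypts itself at run time, and that is something a static scan can flag. The following Python is an added example, not code from the article: it computes Shannon entropy over sliding windows of a byte buffer and merges the windows that look encrypted into byte ranges. The buffer is constructed here (repetitive text standing in for plain code, followed by seeded pseudo-random bytes standing in for an encrypted payload), and the 7.2 bits-per-byte threshold and 1024-byte window are assumptions.

```python
import math
import random
from collections import Counter


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data, window=1024, step=512, threshold=7.2):
    """Slide a window over data and merge windows whose entropy is at or
    above threshold into (start, end) byte ranges. Threshold and window
    size are assumptions for this example."""
    regions = []
    for start in range(0, len(data) - window + 1, step):
        if shannon_entropy(data[start:start + window]) >= threshold:
            end = start + window
            if regions and start <= regions[-1][1]:   # overlaps or abuts the last range
                regions[-1] = (regions[-1][0], end)
            else:
                regions.append((start, end))
    return regions


# --- constructed sample buffer (not a real binary) -----------------------
# 4096 bytes of repetitive, text-like "code", then 4096 bytes from a seeded
# PRNG standing in for an encrypted payload.
_LOW = (b"mov eax, ebx; push ebp; call printf\n" * 200)[:4096]
_rng = random.Random(2024)
_HIGH = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE = _LOW + _HIGH


def report(data, **kwargs):
    """Return one summary line per suspicious region, for a triage queue."""
    lines = []
    for start, end in high_entropy_regions(data, **kwargs):
        h = shannon_entropy(data[start:end])
        lines.append(f"0x{start:06x}-0x{end:06x} ({end - start} bytes) "
                     f"entropy={h:.2f} bits/byte: possible encrypted/packed code")
    return lines


if __name__ == "__main__":
    print(f"whole buffer: {shannon_entropy(SAMPLE):.2f} bits/byte")
    for line in report(SAMPLE):
        print(line)
```

Entropy is a triage signal, not a verdict: compressed resources, certificates and legitimately packed installers also score near 8 bits per byte, so a flagged region is a reason to look closer (for example at the code that reads it), not proof of malware.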
Control Flow Transformation: Transforming the control flow is another way to reduce the readability of the code for humans. There are different kinds of control flow transformation: computation, aggregation and ordering transformations.
Transforming the Data: Programmers transform the data by using different variables and structures, which helps to encrypt the data and transfer it to different systems.
Virtual Machines: Organizations should use a virtual machine, as it helps to protect the data. Code executed inside the virtual machine cannot be seen.
Special APIs: To detect debuggers, we can use different kinds of APIs and protect the data in the code.