Obfuscation in Malware – the Key to a Successful Infection - How to, Technology and PC Security Forum | SensorsTechForum.com

Obfuscation in Malware – the Key to a Successful Infection


Malware attacks are on the rise, and as Mikko Hypponen, CRO of F-Secure, said in his TED talk: “It is no longer a war against our computers, it is now a war against our lives.” To better protect ourselves from this menace, we need to understand why some antivirus software does not detect malware and why some threats succeed at infection. We have decided to look into the key factor in infecting a system: obfuscation software.


How Does Obfuscation Work?

Obfuscators have been around for a while now. Their original purpose is to conceal the binary code of legitimate programs so that competitors cannot steal and copy it. Obfuscation in malware works on the same principle, except that here it conceals the contents of malicious files so that they evade anti-malware software.

Here is how the hex dump of an executable file looks before it has been obfuscated:


It is clear that you can even read the contents of the file, not to mention other information such as who created it and how it was made. However, when you apply the DES encryption algorithm to that very same file, here is what happens:


As the image above shows, the contents can no longer be read, and the real-time protection of anti-malware software is not able to recognize the file either. However, most malware threats have a payload that also drops other files and changes settings, and this is where evading the anti-malware software becomes harder for the malware. Most advanced threats do not obfuscate only once; they do it several times, giving the file several layers of protection.

When it comes to concealing a file, one of the most widespread obfuscation methods is XOR. It performs essentially the same operation as we demonstrated with DES above, but unlike DES its output is much easier to decipher. One way to do so is to use a program that tries the possible key combinations in a brute-force fashion until the XOR-encoded file decodes into readable content.
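The XOR technique described above, as an added example that is not part of the original article: a constructed sample string is obfuscated with a single-byte key, and the key is then recovered the way an analyst would, by trying all 256 candidates and scoring each output for readability (the scoring heuristic, the sample string and the key 0x5A are assumptions chosen for illustration).

```python
"""Added example: single-byte XOR obfuscation and brute-force key recovery."""


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. XOR is its own inverse, so the same
    routine both obfuscates and deobfuscates."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def readability_score(data: bytes) -> int:
    """Heuristic (assumption): reward lowercase letters and spaces, which
    dominate readable strings, and penalise bytes that are not printable ASCII."""
    score = 0
    for b in data:
        if 0x61 <= b <= 0x7A or b == 0x20:
            score += 1
        elif not (0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D)):
            score -= 1
    return score


def brute_force_single_byte_xor(blob: bytes) -> tuple:
    """Try every single-byte key and return (key, plaintext) for the candidate
    whose output looks most like readable text."""
    best = max(range(256),
               key=lambda k: readability_score(xor_bytes(blob, bytes([k]))))
    return best, xor_bytes(blob, bytes([best]))


# Constructed sample: a string that appears in ordinary PE headers, hidden
# with the (assumed) key 0x5A so it no longer shows up in a hex dump.
SAMPLE_PLAINTEXT = b"This program cannot be run in DOS mode."
SAMPLE_KEY = 0x5A
SAMPLE_BLOB = xor_bytes(SAMPLE_PLAINTEXT, bytes([SAMPLE_KEY]))

if __name__ == "__main__":
    print("obfuscated:", SAMPLE_BLOB.hex())
    key, plain = brute_force_single_byte_xor(SAMPLE_BLOB)
    print(f"recovered key 0x{key:02x}: {plain!r}")
```

The same scoring approach extends to longer repeating keys by scoring each key position separately, which is what most XOR-analysis tools used by malware analysts do.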

Obfuscators Summary

There are many different obfuscators, and hackers often refer to them as crypters or packers. They contribute significantly to the successful infection of a given PC. Because a given obfuscator may go undetected, we strongly advise users to follow the recommended protection tips to avoid malware in the future.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having also graduated in Marketing, Ventsislav has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
