Home > Cyber News > Obfuscation in Malware – the Key to a Successful Infection
CYBER NEWS

Obfuscation in Malware – the Key to a Successful Infection

Malware attacks are on the rise and as CRO of F-Secure Mikko Hypponen said on Ted talks – “It is no longer a war against our computers, it is now a war against our lives.” To better protect ourselves from this menace we need to understand why some Antivirus Software does not detect malware and why some threats are successful when it comes to infection? We have decided to look into the bottleneck when it comes to infecting a system – obfuscation software.

missing-files-1

How Does Obfuscation Work?

Obfuscators have been used for a while now. Their main purpose is to conceal the binary code of programs so that you may be able to prevent the competition from stealing it and copying it. When you use obfuscation in malware, the principle is rather the same. However, they conceal the contents of the malicious files so that they can evade anti-malware software.

Here is how the hex code of an executable file looks before it has been obfuscated:

serial-keys-unobfuscated

It is clear that you can even read the contents of the file, not to mention other information, such as who created it, and how was it made. However, when you apply the strong DES encryption algorithm to that very same file, here is what happens:

encrypted-text

As visible from above, it is not possible to read the contents and anti-malware software is also not able to recognize the file with real-time protection. However, most malware threats have a payload that also drops other data and changes settings, and this is where it becomes complicated for the malware to evade the anti-malware software. Most advanced threats do not only perform obfuscation once, but they do it several times to make the file have several levels of protection.

Also, when it comes to file concealment, one of the most widespread obfuscation methods is called XOR. It basically performs the same operation as we demonstrated with DES above, however unlike DES, its code is easier to decipher. One method of doing this is to use a program that goes through different combinations via a brute force type of attack to decipher the XOR encoded file.

Obfuscators Summary

There are many different obfuscators, and they are often referred to by hackers as Crypters or Packers. They contribute significantly to the successful infection of a given PC. Since if a given obfuscation software is undetected, we strongly advise users to follow the recommended protection tips to avoid malware in the future.

Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree