Welcome to the Unprotect Project: the database of malware self-defense and protection techniques
Malware is one of the most aggressive threats in IT. It is used to cause damage, steal data, or spy on a target. Companies and the security industry are working to become more effective against this threat and at detecting new variants.
Malware authors spend a great deal of time and effort developing complex code to perform malicious actions against a target system. It is crucial for the malware to remain undetected and to evade sandbox analysis, antivirus products and malware analysts. With these techniques, malware can stay under the radar and remain undetected on a system.
The purpose of this wiki is to centralise these techniques in order to understand and detect the new generation of malware.
Why does malware use self-defense and protection techniques?
One of the big challenges is to detect malware as fast as possible, but also to understand its capabilities. Self-defense techniques increase the time needed for detection and analysis, which gives the malware time to perform its malicious actions.
If malware is detected shortly after it propagates, it has little time to steal data or maximize its impact. The IT security market is maturing, and security tools and applications are more effective today than they were. However, attackers also understand and monitor how these tools operate.
In addition, best practices are not always followed. Antivirus software is sometimes outdated, and sandboxes can often be detected because of misconfiguration (for example, default virtual machine artifacts, usernames or resource sizes left in place). If malware evades the antivirus, the sandbox, the firewall and the other controls, it can steal data for as long as it stays undetected. Once the malware is caught, a security analyst will analyse it statically and dynamically and then create a detection signature.
This window of time is critical for both attackers and companies:
- For attackers, the longer detection takes, the more malicious actions the malware can perform against its target.
- For companies, the shorter detection takes, the fewer malicious actions the malware can perform.
It is a big challenge for both companies and attackers.
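The remark above that sandboxes are easily detected through misconfiguration comes down, in practice, to a handful of cheap environmental checks. The following Python script is an added example written for this page, not code from the Unprotect wiki or from any sample it catalogues. The thresholds (fewer than 2 CPUs, under 4 GiB of RAM, uptime under ten minutes, a default username such as "sandbox", visible analysis tooling), the username list and the process list are assumptions picked for illustration; real samples apply the same idea with varying values. The script scores three constructed host profiles and, best-effort, the machine it runs on:

```python
"""Sandbox-fingerprinting heuristics of the kind the text refers to.

Added illustration, not code from the Unprotect wiki. The thresholds, the
username list and the process list are assumptions chosen for demonstration.
"""
import os
from dataclasses import dataclass
from typing import List, Optional, Set

# Usernames often left at their default in analysis VMs (assumed list).
SUSPICIOUS_USERS = {"sandbox", "malware", "virus", "analyst", "test", "john doe"}
# Process names that betray a virtualised or instrumented host (assumed list).
ANALYSIS_PROCESSES = {"vboxservice.exe", "vboxtray.exe", "vmtoolsd.exe",
                      "wireshark.exe", "procmon.exe", "x64dbg.exe"}


@dataclass
class HostProfile:
    cpu_count: int
    ram_gib: float
    uptime_seconds: Optional[int]   # None when the uptime could not be read
    username: str
    processes: Set[str]


def sandbox_indicators(p: HostProfile) -> List[str]:
    """Return every indicator that fires; an empty list means 'looks like a real host'."""
    hits = []
    if p.cpu_count < 2:
        hits.append("single CPU")
    if p.ram_gib < 4:
        hits.append(f"low RAM ({p.ram_gib:.1f} GiB)")
    if p.uptime_seconds is not None and p.uptime_seconds < 600:
        hits.append("booted less than 10 minutes ago")
    if p.username.lower() in SUSPICIOUS_USERS:
        hits.append(f"default analysis username {p.username!r}")
    tooling = ANALYSIS_PROCESSES & {name.lower() for name in p.processes}
    if tooling:
        hits.append("analysis tooling running: " + ", ".join(sorted(tooling)))
    return hits


def looks_like_sandbox(p: HostProfile, threshold: int = 2) -> bool:
    """Malware typically bails out when several weak signals coincide; two is assumed here."""
    return len(sandbox_indicators(p)) >= threshold


def live_profile() -> HostProfile:
    """Best-effort snapshot of the current machine (Linux-centric, stdlib only)."""
    try:
        ram_gib = os.sysconf("SC_PAGE_SIZE") * os.sysconf("SC_PHYS_PAGES") / 2 ** 30
    except (ValueError, OSError, AttributeError):
        ram_gib = float("inf")          # unknown: must not count as an indicator
    try:
        with open("/proc/uptime") as fh:
            uptime: Optional[int] = int(float(fh.read().split()[0]))
    except OSError:
        uptime = None
    procs: Set[str] = set()
    try:
        for pid in filter(str.isdigit, os.listdir("/proc")):
            try:
                with open(f"/proc/{pid}/comm") as fh:
                    procs.add(fh.read().strip())
            except OSError:
                continue                # process exited or not readable
    except OSError:
        pass                            # no /proc on this platform
    user = os.environ.get("USER") or os.environ.get("USERNAME") or ""
    return HostProfile(os.cpu_count() or 1, ram_gib, uptime, user, procs)


if __name__ == "__main__":
    # Constructed profiles: a default analysis VM, a workstation, and the same VM
    # after its defaults were fixed (more cores and RAM, realistic uptime and user).
    default_vm = HostProfile(1, 2.0, 45, "sandbox", {"vboxservice.exe", "explorer.exe"})
    workstation = HostProfile(8, 16.0, 3 * 86400, "alice", {"explorer.exe", "outlook.exe"})
    hardened_vm = HostProfile(4, 8.0, 3 * 86400, "alice", {"vmtoolsd.exe", "explorer.exe"})
    for name, prof in [("default VM", default_vm), ("workstation", workstation),
                       ("hardened VM", hardened_vm), ("this host", live_profile())]:
        print(f"{name}: sandbox={looks_like_sandbox(prof)} {sandbox_indicators(prof)}")
```

The third constructed profile is the practitioner's takeaway: the same VM with two or more cores, more memory, a realistic uptime and a non-default username trips only one indicator, below the assumed threshold, so the sample proceeds and the sandbox gets to observe its behaviour. Detection engineering can use the same checks from the other side: a process that queries CPU count, memory size, uptime and the process list in quick succession right after launch is itself a behavioural signal worth alerting on.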
The purpose of this database is to provide answers to the following questions:
- Why do AV engines fail to detect the new generation of malware?
- Why are sandbox tools not effective enough against this threat?
- Why do malware analysts fall into the malware's traps?
- What are the malware protection techniques, and how can they be defeated?
We do not claim that this is a comprehensive list of techniques, only an approximation of what is publicly known; it is therefore also an invitation for the community to contribute additional details and information to continue developing the body of knowledge. Contributions could include new techniques, categories, clarifying information, examples, other platforms or environments, and methods of detection or mitigation.