Design, implementation and evaluation of a novel anti-virus parasitic malware

Byungho Min, Vijay Varadharajan

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

3 Citations (Scopus)

Abstract

In this paper, we propose an advanced malware, anti-virus parasitic malware (AV-Parmware). It attacks protected components of anti-virus software by their exploiting security weaknesses, and compromises the target systems by being a parasite on the anti-virus. We have investigated 18 anti-virus solutions from seven major anti-virus software vendors and have discovered that 12 products from four vendors (AVG, Avira, McAfee, and Symantec) have certain security weaknesses that can be utilised in the proposed malware1. There are several advantages to being an anti-virus parasitic malware, including longevity (anti-virus runs while its system is up), improved stealthy behaviour, highest privileges and capability to bypass security measures such as Egress filtering. We have implemented our proposed parasitic malware, and have shown that all these advantages are achieved in practice.

Original languageEnglish
Title of host publicationProceedings of the 30th Annual ACM Symposium on Applied Computing
Place of PublicationNew York
PublisherAssociation for Computing Machinery (ACM)
Pages2127-2133
Number of pages7
ISBN (Print)9781450331968
DOIs
Publication statusPublished - Apr 2015
Event30th Annual ACM Symposium on Applied Computing, SAC - 2015 - Salamanca, Spain
Duration: 13 Apr 201517 Apr 2015

Other

Other30th Annual ACM Symposium on Applied Computing, SAC - 2015
Country/TerritorySpain
CitySalamanca
Period13/04/1517/04/15

Fingerprint

Dive into the research topics of 'Design, implementation and evaluation of a novel anti-virus parasitic malware'. Together they form a unique fingerprint.

Cite this