Abstract
In this paper, we propose an advanced malware, anti-virus parasitic malware (AV-Parmware). It attacks protected components of anti-virus software by exploiting their security weaknesses, and compromises the target systems by being a parasite on the anti-virus. We have investigated 18 anti-virus solutions from seven major anti-virus software vendors and have discovered that 12 products from four vendors (AVG, Avira, McAfee, and Symantec) have certain security weaknesses that can be utilised in the proposed malware. There are several advantages to being an anti-virus parasitic malware, including longevity (anti-virus runs while its system is up), improved stealthy behaviour, highest privileges and the capability to bypass security measures such as egress filtering. We have implemented our proposed parasitic malware, and have shown that all these advantages are achieved in practice.
Original language | English |
---|---|
Title of host publication | Proceedings of the 30th Annual ACM Symposium on Applied Computing |
Place of Publication | New York |
Publisher | Association for Computing Machinery (ACM) |
Pages | 2127-2133 |
Number of pages | 7 |
ISBN (Print) | 9781450331968 |
Publication status | Published - Apr 2015 |
Event | 30th Annual ACM Symposium on Applied Computing, SAC - 2015 - Salamanca, Spain Duration: 13 Apr 2015 → 17 Apr 2015 |
Other
Other | 30th Annual ACM Symposium on Applied Computing, SAC - 2015 |
---|---|
Country/Territory | Spain |
City | Salamanca |
Period | 13/04/15 → 17/04/15 |