Uncloaking Malware


I was talking to a risk analyst at a large health insurance company about what she did not want in security solutions.


She didn’t want just another signature file based solution.

She didn’t want another traditional anti-virus solution.

She didn’t want to just give a vaccine to a corpse one more time.

She was concerned that there are attacks that use cloaking techniques that hide the presence of malware so that they can slip by her existing defenses. She was more concerned about what she doesn’t know about than what she does know about.

Panda tackles this problem by utilizing uncloaking technologies such as deep code inspection, rootkit heuristics and generic unpacking routines. The purpose of these technologies is to remove the cloaking that is hiding malicious code from the signature based detection or engineers that would normally identify it.  The end goal is to reveal the presence of malicious code to detection technology.

In deep code inspection, the engine looks at the machine code utilizing algorithms to correlate multiple pieces of the files and make assumptions of the actual intention of the code.

With rootkit heuristics – Panda uses heuristics algorithms to locate hidden elements that might be a root kit or part of a root kit. Generic unpacking routines are used to when malware is found to be utilizing compression routines in order to prevent analysis of the code.

With today’s cyber-crime trends of utilizing cloaking techniques, a lot more than signature files detection is needed.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: