Scientists have refined a technique to make automated analysis of malware nearly impossible, highlighting how viruses could bypass the scrutiny of security companies and go undetected by antivirus software, Technology Reviewreported.
Security researchers at the Georgia Institute of Technology's Information Security Center have found that a form of copy protection -- host identity-based encryption -- can lock up parts of a malware program with cryptographic keys based on information gleaned from a victim's system.
Such a technique would make it much more complicated for security companies and research labs to analyze virus specimens transferred outside the infected systems.
The discovery reveals how security software companies fall short in catching viruses if they just focus on catching malware by drawing on a database of identifying traits they’ve acquired from automated analyses. This means that antivirus companies may have to develop more sophisticated ways to discover new viruses and gain an edge against attackers.
Paul Royal, a research scientist on the Georgia Tech team, plans to unveil the work at the security conference, Black Hat, in Las Vegas this week.