
Scanner Identifies Malware Strains, Could Be Future of AV

An anonymous reader writes "When it comes to spotting malware, signature-based detection, heuristics and cloud-based recognition and information sharing used by many antivirus solutions today work well up to a certain point, but polymorphic malware still gives them a run for their money. At the annual AusCert conference held this week in Australia, a doctorate candidate from Deakin University in Melbourne has presented the result of his research and work that just might be the solution to this problem. Security researcher Silvio Cesare had noticed that malware code consists of small "structures" that remain the same even after moderate changes to its code. He created Simseer, a free online service that performs automated analysis on submitted malware samples and tells and shows you just how similar they are to other submitted specimens. It scores the similarity between malware (any kind of software, really), and it charts the results and visualizes program relationships as an evolutionary tree."
  • Re:Eh? (Score:5, Informative)

    by hvm2hvm ( 1208954 ) on Saturday May 25, 2013 @03:19AM (#43819867) Homepage
    Not really, heuristic analysis means looking for specific patterns in code or other data. Things like the program setting itself to start at bootup while deleting itself from the initial run location and so on.

    What this guy does is divide the code into small pieces and compare those. The thing is, I know for a fact that AVs today already do that, so unless he has some really smart way of analyzing those "structures", his research is too late.

    Disclaimer: I used to work at an AV company, and actually I used to work on the part of the product that does exactly what this guy does.
