Attackers actively use techniques to disguise malware files as legitimate, including using reliable distribution channels, signing with stolen certificates, hiding malicious files in legitimate applications, and using system tools to carry out malicious activity.
At VirusTotal, we have explored the evolution of these and other techniques. It was surprising to find that more than one million signed files were sent to our service in the past 12 months, that dozens of legitimate domains in the Alexa Top 1k ranking were used to distribute malware, and that there is a growing trend of mimicking legitimate applications when building malware, with Skype, Acrobat Reader, and VLC being the top 3.
During this talk, we will analyze the evolution of these types of techniques, showing some examples of how they are being implemented and providing tools for monitoring them.
- Discover how these camouflage techniques are being used.
- Understand how to find/monitor samples related to these techniques.
- Use this information to reinforce your org/company defenses.