 Title & Authors
A research on detection techniques of Proxy DLL malware disguised as a Windows library : Focus on the case of Winnti
Koo, JunSeok; Kim, Huy Kang;
 Abstract
A Proxy DLL abuses a normal characteristic of Windows: the library-loading mechanism. After a targeted system has been compromised, specific malware is executed through this mechanism. Once an intrusion succeeds, the malware must be executed at least once, and to achieve that execution the malware is disguised as a Windows library. The malware of the Winnti group is a good case of this. Winnti is a group of Chinese hacking groups identified by research in the fall of 2011 at Kaspersky Lab. Over the years the Winnti group has targeted the online video game industry, and in the process infected online gaming companies with a number of malware samples. In this paper, we study detection techniques for Proxy DLL malware disguised as a Windows library, using the Winnti group as a case study. Experiments conducted on real Winnti malware show the reliability of the detection techniques.
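The abstract describes the trait a Proxy DLL detector looks for: a file that carries the name of a genuine Windows library, sits where the loader finds it before the real one, and keeps the host working by forwarding exports to a renamed copy of the original. The following script is an added example, not code from the paper or from any Winnti analysis; it scores constructed module-load records against those traits. The record fields, the directory and library-name lists, and the forwarder strings are all assumptions made for this example.

```python
"""Heuristic proxy-DLL triage over module-load records (added example).

A proxy DLL borrows the file name of a legitimate Windows library, is
dropped where the loader searches before the system directory (e.g. the
application directory), and forwards the exports it does not hook to the
genuine library so the host program keeps working.  assess() flags each
of those traits.  All data below is constructed for the example.
"""
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Directories where a Windows library is expected to live (assumption).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Library names a proxy DLL commonly borrows; in practice an inventory of
# the reference system would supply this list (assumption for the example).
WINDOWS_LIBRARY_NAMES = {"version.dll", "winmm.dll", "dbghelp.dll", "wtsapi32.dll"}


@dataclass
class ModuleLoad:
    """One observed DLL load (hypothetical telemetry record)."""
    process: str
    path: str
    signed: bool                      # Authenticode signature verified?
    forwarders: list = field(default_factory=list)  # e.g. "version_org.dll.VerQueryValueA"


def forwarded_targets(forwarders):
    """Return the set of DLL base names that export forwarders point to.

    Forwarder syntax is "<module>.<function>"; the module part may omit ".dll".
    """
    targets = set()
    for fwd in forwarders:
        mod = fwd.rsplit(".", 1)[0].lower()
        if not mod.endswith(".dll"):
            mod += ".dll"
        targets.add(mod)
    return targets


def assess(load):
    """Return the reasons a load looks like a proxy DLL (empty list = clean)."""
    p = PureWindowsPath(load.path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    reasons = []

    # Trait 1: a system-library name loaded from outside the system directories.
    if name in WINDOWS_LIBRARY_NAMES and parent not in SYSTEM_DIRS:
        reasons.append(f"{name} loaded from {parent} instead of a system directory")

    # Trait 2: a file claiming to be a Windows library without a valid signature.
    if name in WINDOWS_LIBRARY_NAMES and not load.signed:
        reasons.append(f"{name} is not Authenticode-signed")

    # Trait 3: exports forwarded to a renamed copy of the library whose name it carries.
    stem = name[:-4] if name.endswith(".dll") else name
    for target in sorted(forwarded_targets(load.forwarders)):
        if target != name and target.startswith(stem):
            reasons.append(f"exports forwarded to {target}, a renamed copy of {name}")
    return reasons


def scan(loads):
    """Map each suspicious path to its list of reasons; clean loads are omitted."""
    result = {}
    for load in loads:
        reasons = assess(load)
        if reasons:
            result[load.path] = reasons
    return result


# Constructed sample telemetry: one genuine load, one proxy DLL, one ordinary
# third-party DLL that must not be flagged just for being unsigned.
SAMPLE_LOADS = [
    ModuleLoad("game.exe", r"C:\Windows\System32\version.dll", True),
    ModuleLoad("game.exe", r"C:\Program Files\Game\version.dll", False,
               ["version_org.dll.GetFileVersionInfoA", "version_org.dll.VerQueryValueA"]),
    ModuleLoad("game.exe", r"C:\Program Files\Game\game_engine.dll", False),
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOADS).items():
        print(path)
        for r in reasons:
            print("  -", r)
```

Each trait alone is weak evidence (vendors do ship legitimately named helper DLLs beside their executables), so the script reports reasons rather than a verdict and leaves the thresholding to the analyst; in a real deployment the library-name list would be built from a clean reference image rather than hard-coded.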
 Keywords
Malware; Malicious Code; Anti Virus; Proxy DLL; Windows Library; Winnti; APT
 Language
Korean