Omri Moyal

From ‘Evasive Techniques: An Introduction,’ a 2016 whitepaper from Minerva Labs. The company’s Co-Founder and VP of Research, Omri Moyal, is speaking in the ‘Cloud & Data Storage’ session at the upcoming NetDiligence Cyber Risk & Privacy Liability Forum.

[M]any malware authors are similar to legitimate software companies. They aspire to be a profitable venture, either by running a shady operation of their own or, as in the malware-as-a-service (MaaS) “business model”, by offering a superior product to their clients.

Evasive techniques are just one aspect of malware, but they are unique. At the moment we are witnessing a direct arms race between “good and evil”, with each new malware adding more and more sophisticated tests to be performed prior to the deployment of a payload. Internal competition between “malware vendors” only increases the number of techniques added to malware, as the “clientele” often prefer the product that contains the highest count of evasion techniques.

This explosion in the number of evasive techniques looks frightening at first sight, but it creates new opportunities for defenders as well.

Minerva’s unique approach of simulating an environment hostile to evasive malware takes advantage of malware paranoia and forces it to pick its poison: does it terminate while trying to evade detection, or does it give up on evasive techniques and get caught? The fact that only a single artifact searched for by the malware is required in order to halt its execution makes Minerva’s approach very potent and inspires optimism about the future of the war on malware.

Introduction to Evasive Techniques v1.0