Malicious software, commonly known as malware, is often used to steal personal and financial information. To accomplish such goals, the creators of malicious programs use various technical and social engineering methods. For example, a malicious program of the false antivirus type, which takes the form of an antivirus program, may claim to detect nonexistent threats and demand payment of money to remove them. Externally, the malicious program resembles a legitimate antivirus program and uses similar icons, scripts, cursors and sound effects.
Blockers are a type of malicious program that limits access to the files and operating system of the user's computer and demands a ransom for restoring operation, for example, under threat of destroying data. A malicious program of this type may display a text or a picture indicating that a violation of rights has occurred and demanding payment of compensation. The texts or pictures used in different blocker modifications differ little from each other.
The number of techniques used by malicious programs to conceal and/or modify their code is constantly growing. Techniques such as polymorphism and metamorphism enable malicious programs to avoid detection by common malware detection methods, such as signature analysis, hash sum analysis, heuristic analysis, and others. Situations may occur where, for example, a user sees the very same interface of a previously known malicious program, but the user's antivirus software does not consider the program malicious.
Therefore, there is a need for improved techniques for detection of malware.