1. Field of the Invention
This invention pertains in general to computer security and in particular to detecting mutating malware.
2. Description of the Related Art
There is a wide variety of malicious software (malware) that can attack modern computers. Malware threats include computer viruses, worms, Trojan horse programs, spyware, adware, crimeware, and phishing websites. Modern malware is often designed to provide financial gain to the attacker. For example, malware can surreptitiously capture important information such as logins, passwords, bank account identifiers, and credit card numbers. Similarly, the malware can provide hidden interfaces that allow the attacker to access and control the compromised computer.
Classical malware can typically be detected by conventional security software using techniques such as signature scanning and behavior monitoring heuristics. However, to evade security software, attackers have developed mutating malware, which is malware that frequently modifies itself. Because the malware mutates frequently, it is impossible to have a signature for every malware mutation, which makes it difficult to detect mutating malware using signature scanning. Behavior monitoring heuristics can sometimes detect mutating malware but often produce false positive detections. Accordingly, there is a need in the art for ways to detect mutating malware that do not suffer from these drawbacks.