propagate > HIDE > LEARN > CONTROL > propagate
The HIDE functionality includes techniques to hide and protect malicious code.
The LEARN functionality includes techniques and abilities to learn about and
analyze the system and network where the malware program exists.
The CONTROL functionality includes the ability to manage the system or network
where the malware program exists.
The size of Enterprise malware is not limited and can even be more than 10 MB;
such malware could use additional techniques, such as steganography, to hide itself.
1.4 Theories and Concepts
Let me introduce a few theories and concepts that will help us to understand and
realize the scope and the nature of the threats that future malware can introduce.
Analyzing these threats will give us the ability to prepare for them better if they
occur in the future.
Terminology:
Technology or technologies means algorithms, software, code, etc. that are
available today and in use in some form (binary, source code or other).
Lemma 1: The negative impact of available technologies
Malicious software writers can use almost every (security) technology for bad
purposes. A trivial example is the use of encryption techniques in malware.
Lemma 2: Malicious software writers have more (advanced) technology than
any legitimate entity has
Malicious software writers do not obey the law, so they can use any program
or technology regardless of patents, copyrights and licenses. For example, they
can obtain patented technologies by disassembling software, copying parts of it
and using copyrighted algorithms. They tend to share their findings with others,
thus accumulating a large amount of various technologies. According to the
"negative impact of available technologies" theory, the total amount and quality
of their technologies will be larger than in any legal company.
Concept 1: Clashing technologies