ASPLOS
2006
ACM

Temporal search: detecting hidden malware timebombs with virtual machines

Worms, viruses, and other malware can be ticking bombs counting down to a specific time, when they might, for example, delete files or download new instructions from a public web server. We propose a novel virtual-machine-based analysis technique to automatically discover the timetable of a piece of malware, or when events will be triggered, so that other types of analysis can discern what those events are. This information can be invaluable for responding to rapid malware, and automating its discovery can provide more accurate information with less delay than careful human analysis. Developing an automated system that produces the timetable of a piece of malware is a challenging research problem. In this paper, we describe our implementation of a key component of such a system: the discovery of timers without making assumptions about the integrity of the infected system’s kernel. Our technique runs a virtual machine at slightly different rates of perceived time (time as seen by t...
Added: 13 Jun 2010
Updated: 13 Jun 2010
Type: Conference
Year: 2006
Where: ASPLOS
Authors: Jedidiah R. Crandall, Gary Wassermann, Daniela A. S. de Oliveira, Zhendong Su, Shyhtsun Felix Wu, Frederic T. Chong