Construction of a Technological Component to Support ISMS for the Detection of Obfuscation in Computer Worm Samples


Research field: Analysis



Conference: International Congress of Telematics and Computing


Abstract

In the world of malware, there is a category called computer worms. This type has a complex technological structure and the ability to replicate itself automatically without human intervention; it can be distributed to other computers connected to the network, carrying malicious code that infects a computer that will later be used to infect others, spreading through the network. The malicious code used by computer worms may be obfuscated, which allows it to hide part of its code when analyzed so that it cannot be classified. In this framework, the research proposes the creation of a technological component (a piece of software) that allows a faster categorization of computer worms that have obfuscation in their code. The component allows the user to select a malicious file (a computer worm) and, through the selection of a rule with the YARA (Yet Another Ridiculous Acronym) tool, verifies the obfuscation in it; it also has a button that allows verifying the hash on the VirusTotal platform. The purpose of this component is to help and support Information Security Management Systems in the analysis of malware in investigations by threat intelligence units or cybersecurity teams that need to categorize this type of malware, automating the manual processes and validating the obfuscation in this type of malware.


Author Profile
Hernaldo Salazar

Centro de Investigación en Ciberseguridad CICS, Facultad de Ciencias, Universidad Mayor, Santiago, Providencia, Chile

Chile
Author Profile
Cristian Barría

Centro de Investigación en Ciberseguridad CICS, Facultad de Ciencias, Universidad Mayor, Santiago, Providencia, Chile

Chile

📄 Paper information

Publication year: 2022
Citations: 0
Country of publication: Chile
Site: Springer