Malware Evasion Techniques
The cluster focuses on discussions about how malware and attackers use evasion tactics to bypass anti-malware tools, endpoint security products, and detection services like Microsoft flagging or VirusTotal, including probing for blind spots and hiding methods.
Sample Comments
Maybe an effort to foil anti-malware / endpoint security products?
Has there been a single recorded case of malware getting around this way?
It's not earth shattering but malware/attackers will use things like this for evasion.
Imagine that you have put malware in xyz.com/mybadpage1, xyz.com/mybadpage2, and xyz.com/mybadpage3 pages. MS flags you, and you query MS. They tell you they see malware on the first two URLs. Now you gained information about their blind spots. You can capitalise on this multiple ways. You can remove the first two and hope they remove the flag. You can design your next attack better so it is more like mybadpage3. Etc.
Isn't this how you hide malware on a machine?
Probably not. Most of that type of malware takes additional measures to avoid detection by the site maintainers.
It sounds like you might be misunderstanding the feature. Can you explain precisely how you envisage it being used by malware?
I guess you'd have to run it in a malware sandbox like Cuckoo.
Malware already does this. Non-malware programs already do this to complicate analysis.
Wouldn't the next malware use a different way to embed itself?