The web is experiencing an explosive growth in the last years. Newtechnologies are introduced at a very fast-pace with the aim of narrowing thegap between web-based applications and traditional desktop applications. Theresults are web applications that look and feel almost like desktopapplications while retaining the advantages of being originated from the web.However, these advancements come at a price. The same technologies used tobuild responsive, pleasant and fully-featured web applications, can also beused to write web malware able to escape detection systems. In this article wepresent new obfuscation techniques, based on some of the features of theupcoming HTML5 standard, which can be used to deceive malware detectionsystems. The proposed techniques have been experimented on a reference set ofobfuscated malware. Our results show that the malware rewritten using ourobfuscation techniques go undetected while being analyzed by a large number ofdetection systems. The same detection systems were able to correctly identifythe same malware in its original unobfuscated form. We also provide some hintsabout how the existing malware detection systems can be modified in order tocope with these new techniques.
展开▼
