Conference Papers

Permanent URI for this collection: https://idr.nitk.ac.in/handle/123456789/28506

  • Item
    An in-depth analysis of the epitome of online stealth: Keyloggers; and their countermeasures
    (2011) Vishnani, K.; Pais, A.R.; Mohandas, R.
    Malware has existed since the inception of the computer itself, and its spread has been gaining momentum as a result of the persistent success and evolution of the Internet. The cyber world has been noticing a shift in the goals of malware writers, which will only become more insidious with time. Currently the matter of greatest concern for Internet users is that of online stealth. In this paper we discuss in detail the epitome of online stealth, the keylogger; present an analysis of a few well-known anti-keyloggers; list a set of countermeasures for users based on our analysis; and also present our approach to client-side authentication to reduce the attack surface available to hackers. © 2011 Springer-Verlag.
  • Item
    Detecting & defeating split personality malware
    (2011) Vishnani, K.; Pais, A.R.; Mohandas, R.
    Security analysts extensively use virtual machines to analyse sample programs and study them to determine whether they contain any malware. In the process, if the malware destabilizes the guest OS, they simply discard it and load a fresh image. This approach increases their productivity. Since naive users do not run virtual machines, malware authors have observed that there is a good probability that their malware is being analysed if it is being run in a Virtual Machine (VM). When this analysis-aware malware detects the presence of a VM, it behaves in a benign manner, thus escaping detection. A determined analyst will end up running the sample on a native machine, which adds to his chase time. In this paper, we briefly discuss the techniques deployed to detect VMs by Analysis Aware Malware, also known as Split Personality Malware. We then introduce our tool that not only detects this category of malware but also fools it into believing that it is running on a native machine even when it is running on a virtualized one, forcing it to exhibit its malicious form. Most security analysts should find this tool really useful.
  • Item
    Split personality malware detection and defeating in popular virtual machines
    (2012) Kumar, A.V.; Vishnani, K.; Kumar, K.V.
    Virtual Machines have gained immense popularity amongst Security Researchers and Malware Analysts due to their pertinent design for analyzing malware without risking permanent infection of the actual system carrying out the tests. This is because during analysis, even if a malware sample infects and destabilizes the guest OS, the analyst can simply load a fresh image, thus avoiding any damage to the actual machine. However, the cat-and-mouse game between Black Hat and White Hat Hackers is a well-established fact. Hence, malware writers have once again raised their stakes by creating a new kind of malware which can detect the presence of virtual machines. Once it detects that it is running on a virtual machine, it either terminates execution immediately or simply hides its malicious intent and continues to execute in a benign manner, thus evading its own detection. This category of malware has been termed Split Personality malware or Analysis Aware malware in Information Security jargon. This paper aims at defeating split personality malware in popular virtual machine environments. This work includes first the study of various virtual machine detection techniques and then the development of a method to thwart these techniques from successfully detecting the virtual machines VirtualBox, VirtualPC and VMware. Copyright © 2012 ACM.