Malware Analysis and Signature Generation

Among the more familiar forms of automated monitoring technologies, malware detection comprises mechanisms to identify and protect against harm from viruses, worms, trojan horses, spyware, and other forms of malicious code. Malware detection and prevention technologies are widely available for servers, gateways, user workstations, and mobile devices, with some tools offering the capability to centrally monitor malware detection software installed on multiple systems or computers. Malware detection tools typically run continuously and provide automated updates of detection signatures or other reference information used to identify malicious code.

At Velinoop we offer malware analysis in custom environments, ranging from dedicated sandboxed on-premises architectures to cloud environments that analyze malware at the machine level, even when the malware is built with anti-debugger techniques. The signatures we produce for malware detection are built to be compatible with the client's technology, so they can be integrated easily into the client's security applications.

We offer malware analysis in the following categories:


Cross platform

For most of the recorded history of malware, viruses, trojans and other malicious software have been specialists. Each piece of malware typically targeted one platform, be it Windows, OS X, Linux, Unix or, more recently, one of the mobile platforms. But the last few months have seen the rise of cross-platform malware that can infect several different kinds of machines with only small variations to its code. We therefore analyze malware on all platforms.


PUA (Potentially Unwanted Application)

Potentially Unwanted Applications (PUAs) are unwanted software programs that come bundled with legitimate free software as part of its installation package. They may also be called Potentially Unwanted Programs, or PUPs.

Not all PUAs are destructive, but some cause very annoying behaviors, such as generating pop-up ads or making the computer run very slowly. These applications can degrade a computer's performance and can even introduce security risks such as spyware and other unwanted programs.


UWS (Unwanted Software) Categorization

Adware: Software that delivers advertisements downloaded to the user's system without the user's knowledge or permission, often resulting in browser redirection, pop-up advertisements, or pop-under advertisements, is adware.

Auto-rooter: Software developed by hackers to automatically break into a previously untouched remote system is an auto-rooter.

Backdoor: A mechanism typically inserted into a program by a developer to bypass normal security controls for testing purposes is a backdoor. Programmers often neglect to remove backdoors when testing is complete.

Boot Sector Infector: Malware that infects the Master Boot Record (MBR) of a system partition so the malware runs when the system is booted is a boot sector infector.

Downloader: The component of a typical Trojan attack that downloads other malicious software is a downloader.

Encrypted Virus: A virus that employs an encryption algorithm along with an encryption key to obscure the contents of the viral package is an encrypted virus. The infected system decrypts the package upon receipt using the received encryption key and changes the key before retransmission of the virus to another victim’s system so the virus does not present the same signature to anti-virus scanners.

Macro Virus: A virus that infects the macro-capability of a document rather than the program code is a macro virus.

Metamorphic Virus: A virus that totally rewrites the virus code with each infection is a metamorphic virus. Metamorphic viruses differ from polymorphic viruses in that not only the appearance of the code changes but the viruses actually change their own program code.

Polymorphic Virus: A virus that changes the appearance of its code as presented to antivirus software with every infection, so that a signature match is unlikely, is a polymorphic virus.

Trojan horse: Named after the story of the Trojan horse, a Trojan horse program entices a victim by appearing to be a useful program but the true function of the program may be malicious in nature. A Trojan horse program acquires the authorization level of the user who unknowingly installs the malware so the software often acquires unlimited access to the system.

Virus: A software package that merges into legitimate executable code for transport to another system is a virus. The original executable code is said to be infected when the virus code successfully merges into that executable. Running the infected code also runs the virus.

Worm: Unlike a virus, a worm does not need to merge into other executable code for transport to other systems. A worm can self-replicate over a network to locate and infect other hosts and run on arrival.
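The definitions of the encrypted virus and the polymorphic virus above both turn on one detection fact: a signature written over bytes that change with every copy stops matching, while a signature written over the part that must stay constant (the decryptor stub that has to run before anything else) keeps matching. The following toy scanner is an added example written for this page; it is not Velinoop's tooling and not code from any real scanner. It assumes a constructed sample layout (an ASCII "STUB", one key byte, "END", then a body XORed with that key) that exists only to make the point visible, and supports the two signature kinds most scanners share: a hex byte pattern with `??` wildcards, and a whole-file SHA-256 hash.

```python
"""Toy signature scanner (added example, not part of the original page).

Demonstrates why a signature on the constant decryptor stub of an
"encrypted virus" still matches after the key changes, while a signature
on the encrypted body or a whole-file hash does not. Every sample here is
constructed inline; nothing is real malware.
"""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    kind: str   # "pattern" (hex bytes, '??' = any byte) or "sha256"
    value: str  # e.g. "53 54 ?? 42" or a 64-char hex digest


def compile_pattern(hex_pattern: str) -> re.Pattern:
    """Turn 'de ad ?? ef' into a bytes regex; '??' matches any single byte."""
    parts = []
    for tok in hex_pattern.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    # DOTALL so the wildcard also matches 0x0a (newline) bytes.
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data: bytes, signatures: list[Signature]) -> list[str]:
    """Return the names of every signature that matches `data`, in order."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in signatures:
        if sig.kind == "sha256" and sig.value == digest:
            hits.append(sig.name)
        elif sig.kind == "pattern" and compile_pattern(sig.value).search(data):
            hits.append(sig.name)
    return hits


def make_variant(key: int) -> bytes:
    """Constructed sample (hypothetical layout, not any real format):
    a constant stub that carries its key byte, followed by a body whose
    bytes are XORed with that key. Stands in for the page's encrypted
    virus that changes its key before each retransmission."""
    body = b"constructed sample body, not real code"
    return b"STUB" + bytes([key]) + b"END" + bytes(b ^ key for b in body)


# Three signatures an analyst might write after seeing the first variant
# (key 0x41). Only the stub signature is expected to survive a key change.
SIGNATURES = [
    # 'S' 'T' 'U' 'B' <any key byte> 'E' 'N' 'D'
    Signature("stub-wildcard", "pattern", "53 54 55 42 ?? 45 4e 44"),
    # the word "constructed" as it appears in the *decrypted* body only
    Signature("body-plaintext", "pattern",
              " ".join(f"{b:02x}" for b in b"constructed")),
    # whole-file hash of the first variant seen
    Signature("hash-variant-a", "sha256",
              hashlib.sha256(make_variant(0x41)).hexdigest()),
]


def compare_variants() -> dict:
    """Scan the original sample and a re-keyed copy with the same signatures."""
    return {
        "key_0x41": scan(make_variant(0x41), SIGNATURES),
        "key_0x42": scan(make_variant(0x42), SIGNATURES),
    }


if __name__ == "__main__":
    for name, hits in compare_variants().items():
        print(f"{name}: {hits}")
```

Running it shows the first variant hit by the stub signature and the hash, and the re-keyed variant hit by the stub signature alone; the body-plaintext signature never fires, because the plaintext is not on disk in either copy. That is the practical reason analysts anchor signatures on the invariant stub (or on the decrypted body in memory, after it has run), and why a metamorphic virus, which rewrites the stub itself, forces a move from byte patterns to behavioral detection.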