Google data reveals trends in web malware

Derek Parkinson, 22 August 2011 - 19:00, in Business

Sophisticated methods of infecting users with web malware and techniques for evading its detection are exposing shortcomings in web security, and a more holistic approach is needed for effective protection against cyber crime, according to Google.

The evidence for this is presented in research drawing on four years' worth of data, and offers the most complete picture yet of recent trends in the security evasion techniques used by malware developers, the company says.

Google researchers looked at the following techniques for detecting web malware:

- VM honeypots
- Browser emulators
- AV engines
- Domain reputation

In each case Google is able to provide empirical evidence of limitations. Summarising broadly, VM honeypots will struggle to model social engineering attacks, malware is getting better at detecting browser emulators, AV is vulnerable to obfuscation and zero-day attacks, and domain reputation techniques can be nullified by IP cloaking.

Although all of the security techniques have their flaws, these can be addressed individually, Google concedes. But overall, combining all of them in a more holistic approach may be the key message to draw from the findings.

For example, on the topic of AV engines Google has this to say: “To maintain optimum detection, one should continuously update virus definitions. One can also improve detection by using multiple AV engines. Perhaps the best way to improve upon AV detection rates is to use them as a component in a larger system.”