It’s widely known that human DNA evidence has had a major impact in the criminal justice system. Now another kind of DNA may have a similar impact in the fight to eradicate malicious software.
Malware DNA, also known as “malware provenance,” is the art and science of attributing elements of one object to another object. The technique has applications outside information security — for example, in genetics, or to test the authorship of student papers.
One way malware writers avoid detection of their programs is to craft polymorphic attacks. They dynamically change the code in their malware just enough to confound antivirus programs. Provenance counters that technique by identifying the amount of similar code in a program, or its “DNA.”
Every malware variant has an immutable part derived from its predecessors all the way back to its original malware family. For example, CryptoWall 3.0 shares the same genome with CryptoWall and the previous CryptoDefense.
The technique is not only very accurate, but also very fast. It can identify malware at machine language speeds and even detect zero day malware — that is, previously unseen malicious programs.
Read the article here http://www.technewsworld.com/story/84079.html