Large Scale Studies: Malware Needles in a Haystack

  • Giovanni Bertão
  • Marcus Botacin
  • André Grégio
  • Paulo Lício de Geus

Abstract


Malware overview reports are valuable for understanding threat behavior and developing proper countermeasures. Currently, most of these studies focus on either fine-grained, individual sample analysis or coarse-grained landscapes. On the one hand, only the first allows professionals to handle specific security breaches. On the other hand, only the second allows understanding the threat scenario as a whole. We claim that a complete security treatment is only possible when combining both approaches. Therefore, in this work, we present an analysis of a large malware dataset, showing the distinctions between coarse-grained and fine-grained analysis results. We present a general threat scenario based on coarse-grained results, and we detail our fine-grained results to identify particular malicious constructions in order to anticipate incident response to future threats.
Published
25/10/2018
How to Cite

BERTÃO, Giovanni; BOTACIN, Marcus; GRÉGIO, André; GEUS, Paulo Lício de. Large Scale Studies: Malware Needles in a Haystack. In: WORKSHOP DE TRABALHOS DE INICIAÇÃO CIENTÍFICA E DE GRADUAÇÃO - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 18., 2018, Natal. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 203-212.