• Title/Summary/Keyword: Proxy DLL

Search Result 1, Processing Time 0.019 seconds

A research on detection techniques of Proxy DLL malware disguised as a Windows library : Focus on the case of Winnti (윈도우즈 라이브러리로 위장한 Proxy DLL 악성코드 탐지기법에 대한 연구 : Winnti 사례를 중심으로)

  • Koo, JunSeok;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.6
    • /
    • pp.1385-1397
    • /
    • 2015

  • The Proxy DLL is a mechanism using a normal characteristics of Windows. Specific malware is executed via this mechanism after intrusion into a system which is targeted. If a intrusion of malware is successful, malware should be executed at least once. For execution, malware is disguised as a Windows Library. The malware of Winnti group is a good case for this. Winnti is a group of Chinese hacking groups identified by research in the fall of 2011 at Kaspersky Lab. Winnti group activities was negatively over the years to target the online video game industry, in this process by making a number of malware infected the online gaming company. In this paper, we perform research on detection techniques of Proxy DLL malware which is disguised as a Windows library through Winnti group case. The experiments that are undertaken to target real malware of Winnti show reliability of detection techniques.

  • https://doi.org/10.13089/JKIISC.2015.25.6.1385 인용 PDF KSCI HTML