Many malware attacks aim to steal personal data or money, commit fraud, disrupt business, or extort ransom payments from organisations. To combat these threats, it is vital to have a defence-in-depth approach that includes logging, protective monitoring and malware detection.
Bulk malware detection gives security teams a powerful tool to quickly scan and identify suspicious files and programs across large collections of files or multiple networks. This allows organisations to catch and stop malware infections, or at least to prevent a threat from spreading before real damage is done.
Guardians of the Digital Realm: The Essentials of Bulk Malware Detection
VirusTotal’s API capabilities, combined with Didier Stevens’ handy search tool, provide security teams with the ability to supercharge their bulk malware detection. By using this combination, security teams can identify the malware signatures that are most common in their organization and compare them to other VirusTotal submissions, giving them more visibility into the most widespread malware variants.
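As an added example (not code from the article, from VirusTotal, or from Didier Stevens' tool), the following Python sketch shows the bulk workflow the paragraph describes: files are hashed locally, each hash is looked up against VirusTotal's v3 `files` endpoint, and the verdicts are aggregated to rank the threat labels most common across the organisation's sample set. The endpoint URL and the `last_analysis_stats` / `popular_threat_classification` response fields are real VirusTotal v3 names; the API key placeholder, the five-engine threshold and the sample responses are constructed so the aggregation runs offline.

```python
import hashlib
import json
import urllib.error
import urllib.request
from collections import Counter

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/{}"  # real v3 endpoint; API key goes in x-apikey

def sha256_hex(data: bytes) -> str:  # VirusTotal indexes files by hash, so hash locally and send only that
    return hashlib.sha256(data).hexdigest()

def vt_fetcher(api_key: str):  # returns a lookup function: one GET per hash
    def fetch(file_hash: str):
        req = urllib.request.Request(VT_FILES_URL.format(file_hash), headers={"x-apikey": api_key})
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            if err.code == 404:  # VirusTotal has never seen this file
                return None
            raise
    return fetch

def summarise(hashes, fetch, min_malicious=5):
    """Flag hashes that >= min_malicious engines call malicious and rank the threat labels seen."""
    flagged, unknown, labels = [], [], Counter()
    for h in hashes:
        report = fetch(h)
        if report is None:
            unknown.append(h)  # unseen by VT: a candidate for sandboxing, not proof it is benign
            continue
        attrs = report["data"]["attributes"]
        malicious = attrs.get("last_analysis_stats", {}).get("malicious", 0)
        if malicious >= min_malicious:
            label = attrs.get("popular_threat_classification", {}).get("suggested_threat_label", "unlabelled")
            labels[label] += 1
            flagged.append({"sha256": h, "malicious": malicious, "label": label})
    return {"flagged": flagged, "unknown": unknown, "top_labels": labels.most_common()}

# Constructed offline stand-in for VirusTotal responses: hashes of made-up bytes, invented verdicts.
def _stub(malicious, label):  # one invented verdict in VirusTotal v3 response shape
    return {"data": {"attributes": {"last_analysis_stats": {"malicious": malicious, "undetected": 70 - malicious},
                                    "popular_threat_classification": {"suggested_threat_label": label}}}}

SAMPLE_HASHES = [sha256_hex(b"constructed-sample-%d" % i) for i in range(5)]
SAMPLE_RESPONSES = {  # SAMPLE_HASHES[3] is deliberately absent, standing in for a 404
    SAMPLE_HASHES[0]: _stub(43, "trojan.samplea/generic"),
    SAMPLE_HASHES[1]: _stub(30, "trojan.samplea/generic"),
    SAMPLE_HASHES[2]: _stub(1, "pua.samplec/adware"),  # a single engine vote stays below the threshold
    SAMPLE_HASHES[4]: _stub(12, "ransomware.sampleb/locker"),
}
```

Against the live service, replace `SAMPLE_RESPONSES.get` with `vt_fetcher("YOUR_API_KEY")` and feed it the SHA-256 of each collected file; the `unknown` list is what you would consider submitting or sandboxing next.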
Unlike static signature-based approaches, which rely on a database of known malicious code to detect new malware, dynamic behavioural approaches focus on the behaviour of an application. For example, the opcode sequences in an APK can be analysed for similarity with previously seen malware variants using methods such as HMM (hidden Markov models; Austin et al., 2013) or ICCDetector (Xu et al., 2016). Control flow analysis can also be used to identify malicious behaviours (Ding et al., 2014).