Monday 20 July 2015

Researchers "Freeze" Software To Stop Malware


Researchers have devised a way to hinder malware on computers by "freezing" software. Most Windows software depends on dynamic-link libraries (DLLs). A DLL is an executable file that programs use to share code and other resources needed to carry out certain tasks. Windows itself ships with many DLLs containing the functions and resources programs need to run in the Windows environment.

Since a DLL bundles a lot of related code, a program that uses it loads far more code into memory than it actually needs. Malware can make use of this extra code if it knows how to exploit a vulnerability in the application: code-reuse attacks such as return-oriented programming (ROP) are built from snippets of code that are already mapped into the process, and unused library code is the largest source of such snippets. Researchers Collin Mulliner and Matthias Neugschwandtner built a tool called Code Freeze that analyzes exactly which code a program needs from a DLL and which parts it never uses. The tool then overwrites the unused DLL code the program has loaded into memory, so malware can no longer make use of it.
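The following C program is an added illustration of the idea described above; it is not Code Freeze's own code and does not reflect its internals. It models a loaded library as a flat code image plus a constructed function table (name, byte range, and callees), decides what to keep by a transitive reachability walk from the functions the application imports (one plausible way of doing the "what does the program need" analysis; the article does not say how the tool does it), and overwrites everything else with 0xCC (x86 int3). A planted "pop rdi; ret" gadget in an unused function is findable before freezing and gone afterwards, while the code the program needs is untouched. The image, function names and gadget bytes are all constructed for this example. On a real process the image would be a mapped PE section, and the pages would have to be made writable before overwriting and restored afterwards.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a loaded DLL (not Code Freeze's data structures):
 * each function occupies [offset, offset+size) in the image and lists the
 * functions it calls. A real tool derives this from the PE export/import
 * tables and the disassembled call graph of the mapped module. */
#define MAX_CALLEES 4
#define MAX_FUNCS   64
typedef struct {
    const char *name;
    size_t offset, size;
    int callees[MAX_CALLEES];   /* indices into the table, -1 terminated */
} func_t;

#define TRAP_BYTE 0xCC          /* x86 int3: stripped code faults on first use */

/* Mark `root` and everything it transitively calls as needed. */
static void mark_reachable(const func_t *funcs, int root, uint8_t *keep) {
    if (keep[root]) return;
    keep[root] = 1;
    for (int i = 0; i < MAX_CALLEES && funcs[root].callees[i] >= 0; i++)
        mark_reachable(funcs, funcs[root].callees[i], keep);
}

/* "Freeze" the image: overwrite every function not reachable from the
 * entry points the application actually imports. Returns bytes stripped.
 * (A live implementation must first make the code pages writable, e.g.
 * with VirtualProtect on Windows, and restore the protection afterwards.) */
size_t freeze_image(uint8_t *image, const func_t *funcs, size_t n_funcs,
                    const int *imported, size_t n_imported) {
    uint8_t keep[MAX_FUNCS] = {0};
    if (n_funcs > MAX_FUNCS) return 0;
    for (size_t i = 0; i < n_imported; i++)
        mark_reachable(funcs, imported[i], keep);
    size_t stripped = 0;
    for (size_t f = 0; f < n_funcs; f++) {
        if (keep[f]) continue;
        memset(image + funcs[f].offset, TRAP_BYTE, funcs[f].size);
        stripped += funcs[f].size;
    }
    return stripped;
}

/* Scan the image for a byte pattern (e.g. a ROP gadget); offset or -1. */
long find_pattern(const uint8_t *image, size_t len, const uint8_t *pat, size_t plen) {
    for (size_t i = 0; i + plen <= len; i++)
        if (memcmp(image + i, pat, plen) == 0) return (long)i;
    return -1;
}

/* ---- constructed demo scenario ---- */
#define IMG_LEN 32
static const func_t demo_funcs[] = {
    { "DoWork",        0, 8, { 1, -1 } },  /* imported by the app, calls Helper */
    { "Helper",        8, 8, { -1 } },     /* not imported, but needed by DoWork */
    { "LegacyExport", 16, 8, { -1 } },     /* unused; will contain the gadget */
    { "Unused2",      24, 8, { -1 } },     /* unused */
};
static const uint8_t GADGET[] = { 0x5F, 0xC3 };   /* pop rdi ; ret */

static void build_demo_image(uint8_t *image) {
    memset(image, 0x90, IMG_LEN);          /* nop filler (constructed) */
    for (size_t f = 0; f < 4; f++)         /* every function ends in ret */
        image[demo_funcs[f].offset + demo_funcs[f].size - 1] = 0xC3;
    image[22] = 0x5F;                      /* plants pop rdi;ret at 22..23 */
}

/* Runs the scenario; returns 1 if needed code survived and stripped code
 * was replaced by traps. Reports bytes stripped and gadget offsets. */
int run_demo(size_t *stripped, long *before, long *after) {
    uint8_t image[IMG_LEN];
    static const int imported[] = { 0 };   /* the app only imports DoWork */
    build_demo_image(image);
    *before   = find_pattern(image, IMG_LEN, GADGET, sizeof GADGET);
    *stripped = freeze_image(image, demo_funcs, 4, imported, 1);
    *after    = find_pattern(image, IMG_LEN, GADGET, sizeof GADGET);
    return image[7] == 0xC3 && image[15] == 0xC3 && image[16] == TRAP_BYTE;
}

int main(void) {
    size_t stripped; long before, after;
    int ok = run_demo(&stripped, &before, &after);
    printf("gadget before: %ld, after: %ld, stripped: %zu bytes, ok=%d\n",
           before, after, stripped, ok);
    return ok ? 0 : 1;
}
```

Note what the reachability walk buys: `Helper` is never imported by the application, yet it must survive because `DoWork` calls it. A tool that only kept directly imported exports would break the program; a tool that keeps the whole transitive closure strips less but stays safe, which is the trade-off behind the "more than half of the DLL code" figure reported below.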

Overhead

Code Freeze itself is delivered as a DLL and is said to add little overhead. In a demonstration, Adobe Reader started a few seconds more slowly with Code Freeze than without it. In return, more than half of the DLL code Reader had loaded into memory was disabled, without any noticeable effect on the program. A piece of malware Mulliner had written earlier, which could still attack Adobe Reader, no longer succeeded once Code Freeze was switched on.

Because the DLL code is modified in memory and not on the hard disk, the DLL files themselves are never permanently changed. The software has been tested on 32-bit Windows 8.1. Mulliner told Tom's Guide that he and Neugschwandtner want to offer Code Freeze to Microsoft. Ultimately the researchers hope that Microsoft will adopt the tool and that software developers will follow. Code Freeze will be presented and demonstrated next month at the Black Hat conference in Las Vegas.

2 comments:

  1. Hi, nice article. Can you please post more technical details about Code Freeze?

    Replies
    1. Go through the link below for more details

      PDF:

      https://www.blackhat.com/docs/eu-14/materials/eu-14-Chubachi-Freeze-Drying-For-Capturing-Environment-Sensitive-Malware-Alive.pdf

      For Video:

      https://www.youtube.com/watch?v=h7Tc3E3ao38
