The Latest in IT Security

Origins Tracing™ against Android.SmsSend

22 Aug 2011

Doctor Web, the leading Russian anti-virus vendor, successfully implements its Origins Tracing™ technology to eliminate threats to Android. This unique technology significantly reduces the size of virus databases at no cost to protection quality, a very important feature for mobile devices.

The conventional detection technique requires a unique signature for each malicious file so that an anti-virus can recognize it. Consequently, the signature database grows as new entries are added. Meanwhile, to avoid detection, virus makers often recompile malicious files or make insignificant changes to the source code. The malicious payload remains the same, but the program's signature now differs from the one in the virus database, and an anti-virus may fail to detect the malware.

Origins Tracing™ from Doctor Web works differently. A special file describing the behaviour pattern is created for each malicious program added to the database. One such entry is enough for the anti-virus to recognize an entire family of malicious applications, which ensures prompt detection of new variants of a program and significantly reduces the size of virus databases.
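The contrast drawn above, as an added illustration (not Doctor Web's code; the page does not describe how Origins Tracing™ builds or matches its entries): an exact-hash signature misses rebuilt variants, while one entry listing a family's behaviours still matches them. The samples, behaviour labels and family name are constructed, and subset matching is an assumed stand-in for the vendor's matcher.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    """Constructed stand-in for an app: file bytes plus behaviours extracted from it."""
    name: str
    raw: bytes
    behaviours: frozenset

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_sample(name, build_id, behaviours):
    # The bytes change with build_id (mimicking a recompile); behaviours do not.
    raw = ("|".join(sorted(behaviours)) + f"#build={build_id}").encode()
    return Sample(name, raw, frozenset(behaviours))

# Hypothetical behaviour labels for an SMS-sending fake installer (assumption).
SMS_FAMILY = frozenset({"perm:SEND_SMS", "api:SmsManager.sendTextMessage",
                        "ui:fake_installer_prompt", "sms:premium_short_code"})

SAMPLES = [
    make_sample("variant_a", 1, SMS_FAMILY),               # the analysed original
    make_sample("variant_b", 2, SMS_FAMILY),               # recompiled, same code
    make_sample("variant_c", 3, SMS_FAMILY | {"api:Log.d"}),  # small source edit
    make_sample("benign_sms_app", 1, {"perm:SEND_SMS", "ui:compose_screen",
                                      "api:SmsManager.sendTextMessage"}),
]

def hash_scan(sample, known_hashes):
    """Conventional approach: one database entry per exact file."""
    return sha256(sample.raw) in known_hashes

def family_scan(sample, family_db):
    """Return the first family whose required behaviours are all present, else None."""
    for family, required in family_db.items():
        if required <= sample.behaviours:
            return family
    return None

def compare():
    """Scan every sample with both databases, each holding a single entry."""
    hash_db = {sha256(SAMPLES[0].raw)}            # signature of variant_a only
    family_db = {"SmsSender.family": SMS_FAMILY}  # constructed family name
    return {s.name: (hash_scan(s, hash_db), family_scan(s, family_db))
            for s in SAMPLES}

if __name__ == "__main__":
    for name, (by_hash, by_family) in compare().items():
        print(f"{name:15} hash_match={by_hash!s:5} family={by_family}")
```

The benign SMS app shares two behaviours with the family but is not flagged, because the entry requires the full pattern rather than any single permission or API call.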

Origins Tracing™ is a unique technology created by Doctor Web. It has been used in Dr.Web products for desktops for several years and has recently been incorporated into the new versions of Dr.Web for Android Anti-virus & Anti-spam and Dr.Web for Android Light. With Origins Tracing™, these software products successfully neutralize Android.SmsSend Trojan horses. This type of malicious software prompts users to send paid SMS messages in order to install free applications, such as the Opera Mini browser. After this Trojan horse was added to the Origins Tracing™ databases as Android.SmsSend.47, virus writers repeatedly tried to change the program's source code, hoping to bypass the anti-virus defence, but without result. Each new version is successfully detected by the anti-virus software automatically. In the near future, the list of malicious Android programs detected with Origins Tracing™ will be expanded.

  1. Moutaz Alazab November 25, 2011

    My research is how to get a list of the API calls that have been used by malware applications, and another list of the API calls that have been used by benign applications. As a result, I am trying to build a detection engine based on API calls.

    API calls have been successfully used to build a detection engine for PC malware; in my research project I would like to see if the same can happen with malware on the Android operating system.

    Therefore, I am after the API calls run and used by benign files and the API calls run and used by malware files. Also, is there any way to put the APIs that have been used by an application in a log file?

    Many Thanks, Moutaz
