posted on 2007-01-01, 00:00, authored by Heng Yin, Dawn Song, Manuel Egele, Christopher Kruegel, Engin Kirda
Malicious programs spy on users' behavior and compromise their privacy. Even software from reputable vendors, such as Google Desktop and the Sony DRM media player, may perform undesirable actions. Unfortunately, existing techniques for detecting malware and analyzing unknown code samples are insufficient and have significant shortcomings. We observe that malicious information access and processing behavior is the fundamental trait of numerous malware categories that breach users' privacy (including keyloggers, password thieves, network sniffers, stealth backdoors, spyware and rootkits), and that this trait separates these malicious applications from benign software. We propose a system, Panorama, to detect and analyze malware by capturing this fundamental trait. In our extensive experiments, Panorama successfully detected all the malware samples and had very few false positives. Furthermore, using Google Desktop as a case study, we show that our system can accurately capture its information access and processing behavior, and we can confirm that it does send sensitive information back to remote servers in certain settings. We believe that a system such as Panorama will offer indispensable assistance to code analysts and malware researchers by enabling them to quickly comprehend the behavior and inner workings of an unknown sample.