Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Antivirus Bypass Techniques

You're reading from   Antivirus Bypass Techniques Learn practical techniques and tactics to combat, bypass, and evade antivirus software

Arrow left icon
Product type Paperback
Published in Jul 2021
Publisher Packt
ISBN-13 9781801079747
Length 242 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Uriel Kosayev Uriel Kosayev
Author Profile Icon Uriel Kosayev
Uriel Kosayev
Nir Yehoshua Nir Yehoshua
Author Profile Icon Nir Yehoshua
Nir Yehoshua
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Section 1: Know the Antivirus – the Basics Behind Your Security Solution
2. Chapter 1: Introduction to the Security Landscape FREE CHAPTER 3. Chapter 2: Before Research Begins 4. Chapter 3: Antivirus Research Approaches 5. Section 2: Bypass the Antivirus – Practical Techniques to Evade Antivirus Software
6. Chapter 4: Bypassing the Dynamic Engine 7. Chapter 5: Bypassing the Static Engine 8. Chapter 6: Other Antivirus Bypass Techniques 9. Section 3: Using Bypass Techniques in the Real World
10. Chapter 7: Antivirus Bypass Techniques in Red Team Operations 11. Chapter 8: Best Practices and Recommendations 12. Other Books You May Enjoy

Defining malware

Malware is a portmanteau of malicious software. It refers to code, a payload, or a file whose purpose is to infiltrate and cause damage to the endpoint in a few different ways, such as the following:

  • Receive complete access to the endpoint
  • Steal sensitive information such as passwords and the like
  • Encrypt files and demand a ransom
  • Ruin the user experience
  • Perform user tracking and sell the information
  • Show ads to the user
  • Attack third-party endpoints in a botnet attack

Over the years, many companies have developed antivirus software that aims to combat all types of malware threats, which have multiplied over the years, with the potential for harm also growing every single day.

Types of malware

To understand how to bypass antivirus software, it's best to map out the different kinds of malware out there. This helps us get into the heads of the people writing antivirus signatures and other engines. It will help us recognize what they're looking for, and when they find a malicious file, to understand how they classify the malware file:

  • Virus: A malware type that replicates itself in the system.
  • Worm: A type of malware whose purpose is to spread throughout a network and infect endpoints connected to that network in order to carry out some future malicious action. A worm can be integrated as a component of various types of malware.
  • Rootkit: A type of malware that is found in lower levels of the operating system that tend to be highly privileged. Many times, its purpose is to hide other malicious files.
  • Downloader: A type of malware whose function is to download and run from the internet some other malicious file whose purpose is to harm the user.
  • Ransomware: A type of malware whose purpose is to encrypt the endpoint and demand financial ransom from the user before they can access their files.
  • Botnet: Botnet malware causes the user to be a small part of a large network of infected computers. Botnet victims receive the same commands simultaneously from the attacker's server and may even be part of some future attack.
  • Backdoor: A type of malware whose purpose is – as the name suggests – to leave open a "back door", providing the attacker with ongoing access to the user's endpoint.
  • PUP: An acronym that stands for potentially unwanted program, a name that includes malware whose purpose is to present undesirable content to the user, for instance, ads.
  • Dropper: A type of malware whose purpose is to "drop" a component of itself into the hard drive.
  • Scareware: A type of malware that presents false data about the endpoint it is installed on, so as to frighten the user into performing actions that could be malicious, such as installing fake antivirus software or even paying money for it.
  • Trojan: A type of malware that performs as if it were a legitimate, innocent application within the operating system (for example, antivirus, free games, or Windows/Office activation) and contains malicious functionality.
  • Spyware: A type of malware whose purpose is to spy on the user and steal their information to sell it for financial gain.

    Important Note

    Malware variants and families are classified based not only on the main purpose or goal of the malware but also on its capabilities. For example, the WannaCry ransomware is classified as such because its main goal is to encrypt the victim's files and demand ransom, but WannaCry is also considered and classified as Trojan malware, as it impersonates a legitimate disk partition utility, and is also classified and detected as a worm because of its ability to laterally move and infect other computers in the network by exploiting the notorious EternalBlue SMB vulnerability.

Now that we have understood malware and its varieties, we should take a look at the systems created to guard against these intrusions.

You have been reading a chapter from
Antivirus Bypass Techniques
Published in: Jul 2021
Publisher: Packt
ISBN-13: 9781801079747
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image