We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

better security for detecting binded virus files

Medium Priority
892 Views
Last Modified: 2013-11-22
Was looking for methods to better help in discovering and preventive measures for binded files that contain viruses. I've seen alot of Istealer servers that people use to get data most of these files they send out are fully undetectable by virus software. I saw one file that was binded that someone upload on nothanksvirus.org to test and it didnt detect the virus/malware/password stealer. How does one detect this on one's system and guard against such a threat?
Comment
Watch Question

Mohamed OsamaSenior IT Consultant
CERTIFIED EXPERT

Commented:
Ok  let me please clarify the difference between two techniques that may be used here
Binder : there are three sections to a binded executable (executable 1, Executable2  & the Binder's Stub code)
Dropper: there are usually two separate sections of code, one is usually embedded into the other through resource files or using a technique like SFX, it is not uncommon for the section where the bad executable resides to be encrypted.
if you will rely solely on antivirus signature /definitions based scanning, then expect quite a few of those to go by undetected, especially droppers, binders are a bit easier in detection because the stub is almost always a giveaway.
however some script kiddies or malware distributors use custom made binders or droppers to ship their code out , this will not be included in your antivirus database and is bound to pass undetected.
the only way to beat those is by having a resident , active & running antivirus program , although the binder will hide the malware that it carries in storage (while it is still binded) , once extracted, your antivirus program should detect it for what it really is through definitions or through Heuristic scans that will map certain activities (if run in stealth) to malware activities, please post back if you require any clarification.
also if in doubt a better online scanner is www.virustotal.com


Author

Commented:
Admin3k i see what your saying i understand there are alot of 0day virus/malware out there which would go by undetected through a regular scan. Should i use executable extract to look through an questionable exe? The binded file showed undetectable on virustotal as well. There has to be a easy way to detecting a threat, something that picks up on a binded files characteristics. Yes if you would please explain more in depth as well as take into consideration what i just mentioned as well . thanks
Mohamed OsamaSenior IT Consultant
CERTIFIED EXPERT

Commented:
Just to be sure about what e are dealing with here, I would like to take a look at this sample please, Please rename extension to .TXT , Compress as ZIP archive and attach here, once examind hopefully I will be able to advise of a suitable course of action.
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
Proactive based products such as prevx? for example
Mohamed OsamaSenior IT Consultant
CERTIFIED EXPERT
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.