
Vendor News

Automatic Restoration of Corrupted UPX-packed Samples

6 September 2022

Nozomi Networks Labs scans the web on a daily basis and monitors new techniques that Internet of Things (IoT) malware developers introduce to deceive automated code analysis systems. In most cases, these tricks are relatively simple and can be easily bypassed when the sample is analyzed manually in a debugger.

In our previous blog post on how IoT botnets evade detection, we discussed how malware authors commonly use the open-source Ultimate Packer for Executables (UPX) tool to protect malicious code. They constantly innovate to make automatic unpacking more difficult, typically by modifying the packed samples after packing. After determining how the malicious samples have been amended, the next step is to teach our systems how to deal with these tricks and develop solutions to counter them.