利用能量计分法检测恶意邮件附件中的宏少和反规避恶意软件

2023 International Conference on Advances in Intelligent Computing and Applications (AICAPS) Pub Date : 2023-02-01 DOI:10.1109/AICAPS57044.2023.10074267

Shyam Sundar Ramaswami, Gandharba Swain

{"title":"利用能量计分法检测恶意邮件附件中的宏少和反规避恶意软件","authors":"Shyam Sundar Ramaswami, Gandharba Swain","doi":"10.1109/AICAPS57044.2023.10074267","DOIUrl":null,"url":null,"abstract":"E-mails have become an inevitable part of everyone's internet lives today. Be it business, commercial, be it entertainment, e-mails are the crux of marketing and communication e-mail is the primary entry point for many malware-based attacks. Malspam is another form of e-mail delivered with malicious attachments. Macro-based malware is very common these days where the threat actor plans a malicious script that executes or downloads the actual malware when the document is opened. This is more towards a Microsoft Office document. In this paper, we are discussing a technique where the threat actors went un-detected for months by anti-virus vendors and how we ended up detecting the malicious elements inside a Microsoft Office document. This paper also proposes a solution using Anergy Scoring Methodology to flag a good Microsoft Office document vs a bad Microsoft Office Document in a swift and convincing manner.","PeriodicalId":146698,"journal":{"name":"2023 International Conference on Advances in Intelligent Computing and Applications (AICAPS)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detecting Macro less and Anti-evasive Malware in Malspam Word Attachments Using Anergy Scoring Methodology\",\"authors\":\"Shyam Sundar Ramaswami, Gandharba Swain\",\"doi\":\"10.1109/AICAPS57044.2023.10074267\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"E-mails have become an inevitable part of everyone's internet lives today. Be it business, commercial, be it entertainment, e-mails are the crux of marketing and communication e-mail is the primary entry point for many malware-based attacks. Malspam is another form of e-mail delivered with malicious attachments. Macro-based malware is very common these days where the threat actor plans a malicious script that executes or downloads the actual malware when the document is opened. This is more towards a Microsoft Office document. In this paper, we are discussing a technique where the threat actors went un-detected for months by anti-virus vendors and how we ended up detecting the malicious elements inside a Microsoft Office document. This paper also proposes a solution using Anergy Scoring Methodology to flag a good Microsoft Office document vs a bad Microsoft Office Document in a swift and convincing manner.\",\"PeriodicalId\":146698,\"journal\":{\"name\":\"2023 International Conference on Advances in Intelligent Computing and Applications (AICAPS)\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 International Conference on Advances in Intelligent Computing and Applications (AICAPS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/AICAPS57044.2023.10074267\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 International Conference on Advances in Intelligent Computing and Applications (AICAPS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AICAPS57044.2023.10074267","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

电子邮件已经成为当今每个人网络生活中不可避免的一部分。无论是商务、商业还是娱乐，电子邮件都是营销和通信的关键。电子邮件是许多恶意软件攻击的主要入口。垃圾邮件是另一种带有恶意附件的电子邮件。基于宏的恶意软件现在非常常见，威胁行为者会计划一个恶意脚本，在打开文档时执行或下载实际的恶意软件。这更接近于Microsoft Office文档。在本文中，我们将讨论一种技术，在这种技术中，反病毒供应商数月未检测到威胁参与者，以及我们如何最终检测到Microsoft Office文档中的恶意元素。本文还提出了一种解决方案，即使用能量评分法以一种快速而令人信服的方式标记一个好的Microsoft Office文档和一个坏的Microsoft Office文档。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Detecting Macro less and Anti-evasive Malware in Malspam Word Attachments Using Anergy Scoring Methodology

E-mails have become an inevitable part of everyone's internet lives today. Be it business, commercial, be it entertainment, e-mails are the crux of marketing and communication e-mail is the primary entry point for many malware-based attacks. Malspam is another form of e-mail delivered with malicious attachments. Macro-based malware is very common these days where the threat actor plans a malicious script that executes or downloads the actual malware when the document is opened. This is more towards a Microsoft Office document. In this paper, we are discussing a technique where the threat actors went un-detected for months by anti-virus vendors and how we ended up detecting the malicious elements inside a Microsoft Office document. This paper also proposes a solution using Anergy Scoring Methodology to flag a good Microsoft Office document vs a bad Microsoft Office Document in a swift and convincing manner.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2023 International Conference on Advances in Intelligent Computing and Applications (AICAPS)

自引率

0.00%

发文量