Cyber Security Expo
Reverse Honey Trap by Aditya Sood on 06/04/10

Online antivirus engines are interoperable in nature. A number of primary and secondary servers work collaboratively on a particular task; the only difference between them lies in their functionality. The underlying assumption is that viruses cannot hide inside compressed modules, because major antivirus software supports scanning inside packed modules. This means that every single object present inside an executable, whether it is packed or not, is traced by the online antivirus engine. This process is termed “Inline Scanning”.

Our technique turns this functionality of antivirus engines around to extract information from the servers that perform analysis and third-party code scanning on the executable. In the primary case, the executable is packed together with object code that links to third-party infected servers. When the scanning server follows the inclusion of that third-party code from the remote resource, the result is infection of the victim machine. The process is well suited to malware analysis, since every scanned object is handled in a controlled environment.

The databases are updated with the analyses performed on executables that are a source of infection or that pose some kind of threat to the system.

The full document is available in PDF format.

