The purpose of the study conducted by Juan Fernando Mejía Calle, who graduated from a M.A. program of Universidad de Santiago, is that companies are able to automatically identify features in sophisticated files that are not recognized by common antivirus software. In this way, it will possible to manage the problem step by step and take remedial actions to be better prepared in the future.
John opens a file in his computer at work, and, unintentionally, he ends up infecting all databases in his company. How can he determine whether that file is effectively malicious or not? Although some of these pieces of software can only be detected by antivirus software, malicious codes evolve continuously until they cannot be recognized, making difficult to avoid them.In this context, a model that allows to automatically detect the features of a malicious software or malware and then follow steps to combat them, taking remedial actions, was the result of a study conducted by Juan Fernando Mejía Calle, who graduated from the M.A. program in Security, Forensics and Auditing of IT Processes of Universidad de Santiago de Chile. Mejía Calle is an Ecuadorian expert, holder of a scholarship of the Government of his country to study this program.His work, “Modelo de proceso para análisis, caracterización y clasificación de archivos ejecutables potencialmente maliciosos en un entorno organizacional con sistema operativo Windows,” will be a contribution to both the companies affected by these attacks and the organizations in charge of cyber forensics.The study suggests a process to capture malware evidence based on the features of different types of programs, providing information “that allows to know if the file got connected to another site, executed other programs or became self-executable or if it got encrypted,” Mejía explained. After that, the files analyzed can be classified as clean or malicious.“According to what I have studied, there is not any standard model for this purpose. Each author suggests a pattern based on his/her experience,” Mejía says. To conduct this study, he reviewed literature on malware and registered the features that he considered relevant to define it.The model that he presented showed an effectiveness of 92% using the cross-validation method.Mejía says that cyber-attacks in Chile are increasingly sophisticated. “New malware attacks or zero-day attacks can infect a computer because they have not been recognized yet. This type of attack cannot be prevented, but it can be analyzed to take future remedial actions,” he says.Translated by Marcela Contreras