Comparative study of recent MEA malware phylogeny

• Published in: 2017 2nd International Conference on Computer and Communication Systems (ICCCS) pp. 16 - 20
• Main Authors: Moubarak, Joanna, Chamoun, Maroun, Filiol, Eric
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.07.2017
• Subjects: advanced persistent threat; C++ languages; Computer crime; Cyber-attack; duqu; Duqu2.0; Encryption; Fires; flame; gauss; Kernel; Malware; malware analysis; malware evolution; malware phylogeny; middle east; Phylogeny; reverse engineering; rootkit; shamoon; shamoon 2.0; stealth techniques; stonedrill; stuxnet
• ISBN: 1538605384; 9781538605387
• DOI: 10.1109/CCOMS.2017.8075178

Governments in the MEA did not take cyberwarfare seriously a few years ago. Nowadays, there is a shift to a more concerned posture on the subject of cyber security after a series of public revelations of networks being penetrated around the region. The struggle unpacked by the Stuxnet malware in 2009 and then pursued through Duqu, Flame, Shamoon, Gauss, Duqu2.0, Shamoon 2.0 and Stonedrill malware. This paper is a technical survey and a proof of concept of the operating vectors utilized by these malware. It takes this very complex approach, and shows how common stealth and evasion functions and similar stealth methodologies have greatly abridged this undertaking. It provides the understanding needed to analyze and go through the history and development of the most remarkable attacks in the Middle East, their objectives and describes the similarities involved in that process. However, it focuses this around the actual downsides of each malware analyzed and what make it vulnerable or detected. The main purpose of this paper is to highlight the phylogenetic aspects infused in cyberattacks.