
Analyzing Malware Classification Through Automation and Research

The reverse engineer--better known among security researchers by his nom de plume, Halvar Flake--created an automated system for classifying software into groups, a process for which he believes machines are much better suited. Research using the system has underscored the sometimes-arbitrary decisions humans make in classifying malicious programs, he said.

Among other anomalies, he found that Sasser.D has only a 69 percent correlation to previous members of the Sasser family, while two examples of bot software, Gobot and Ghostbot, are much more similar. "It's like putting donkeys and bunnies in the same class because they both have long ears," Dullien, the founder and CEO of reverse-engineering tool maker Sabre Security, said in a recent interview.

The link for this article located at Security Focus is no longer available.
