Adobe Offers Malware Tool

Wednesday, April 4, 2012 @ 12:04 PM gHale


Adobe Systems released a malware classification tool in order to help security incident first responders, malware analysts and security researchers identify malicious binary files.

The Adobe Malware Classifier tool uses machine learning algorithms to classify Windows executable and dynamic link library (DLL) files as clean, malicious or unknown, said Adobe security engineer Karthik Raman.

RELATED STORIES
CSET Version 4.1 Available
Botnet Rises for Third Time
Microsoft Seizes Zeus Servers
Smart Malware on Growth Curve
Malware has Bots Acting as C&C Server

Raman originally developed Malware Classifier for in-house use by Adobe’s Product Security Incident Response (PSIRT) Team.

“Part of what we do at PSIRT is respond to security incidents,” Raman said. “Sometimes this involves analyzing malware. To make life easier, I wrote a Python tool for quick malware triage for our team.”

When run, the tool extracts seven key attributes from every analyzed binary file and compares them to data obtained by running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a set of 100,000 malicious programs and 16,000 clean ones, Raman said.

Adobe has decided to release the Python script publicly under an open source BSD license. It is available for download from SourceForge.

Programmers have questioned the quality of the tool’s code on Twitter and other social media websites, because of its heavy use of conditional statements.



Leave a Reply

You must be logged in to post a comment.