Though it is unclear when digital obfuscation started being developed seriously, we can point to a few milestones over the last 40 years. Much like early viruses, many early applications of obfuscation were not malicious.
1984 saw the creation of the International Obfuscated C Code Contest, which was the first competition in the world to see who could write the most obfuscated C program. Though it was more of an academic exercise to push the boundaries of obfuscation, it also revealed the power of obfuscation through many mind-boggling creations over the years.
Things picked up in the 1990s and 2000s as digital watermarks, a form of steganography, were used to identify copies of illegally distributed music and movies. This coincided with the passing of the Digital Millennium Copyright Act (DMCA) in 1998, which was used by the music and movie industries to combat piracy.
The early 2000s also saw the first instances of obfuscated malware. In 2005, we saw the PoisonIvy remote access trojan (RAT) hide part of its code to evade signature-based detection tools. Another RAT, Hydraq, used spaghetti code in 2009 as a means of obfuscation. It rearranged code blocks so that it could not be followed linearly, then used jump instructions to execute them in the right order.
Notably, the MITRE ATT&CK entry on obfuscated files or information is relatively new, having only been created on 31 May 2017. Few procedure examples in its database were found before 2015, indicating an explosion of interest around obfuscation in recent years.
More recently, we see signs of maturation and commercialization in the marketplace. In 2020, researchers found a number of vendors providing obfuscation-as-a-service for Android applications, with prices starting at $20 per APK. Impressively, this off-the-shelf service reduced payload detection rates by nearly 50%.
FAQs
Compression, encryption, and encoding are some of the most common obfuscation methods used by threat actors. Multiple methods are often used in tandem to evade a wider variety of cyber security tools at the initial point of intrusion.
What are malware detection techniques? ›
Heuristic Analysis – Heuristic analysis detects malware by analyzing the code or behavior of a program. If the software exhibits characteristics typically associated with malware, it is flagged as potentially malicious. This method allows for the detection of new or modified malware that may not have a known signature.
What are the different types of obfuscation? ›
Data masking, encryption, and tokenization are three common data obfuscation techniques. Each type has strengths in protecting against destructive malware. Familiarizing yourself with data obfuscation techniques will help you protect your sensitive data—and educate you in case obfuscation is used against you.
What are cyber obfuscation techniques? ›
Encrypting some or all of a program's code is one obfuscation method. Other approaches include stripping out potentially revealing metadata, replacing class and variable names with meaningless labels and adding unused or meaningless code to an application script.
What are the three most common techniques used to obfuscate data? ›
Three of the most common techniques used to obfuscate data are encryption, tokenization, and data masking. Encryption, tokenization, and data masking work in different ways. Encryption and tokenization are reversible in that the original values can be derived from the obfuscated data.
What are two techniques that malware can use to avoid detection? ›
Packers and Crypters: Packers and crypters are techniques used in malware to evade signature-based detection. Packers are tools that compress and encrypt the malware's code, creating a new executable that requires a specific unpacking routine to be executed, before revealing the original malicious code.
How to find hidden malware? ›
How To Know if You Have Malware
- suddenly slows down, crashes, or displays repeated error messages.
- won't shut down or restart.
- won't let you remove software.
- serves up lots of pop-ups, inappropriate ads, or ads that interfere with page content.
- shows ads in places you typically wouldn't see them, like government websites.
Types of malware include computer viruses, worms, Trojan horses, ransomware and spyware. These malicious programs steal, encrypt and delete sensitive data; alter or hijack core computing functions; and monitor end users' computer activity.
What are the two common technique for malware analysis? ›
Two forms of malware analysis exist for malicious executables: static and dynamic. As its name implies, static analysis (also known as static binary analysis or source code analysis) examines computer code without executing a program. Alternatively, dynamic analysis examines the behavior of a program at runtime.
What is obfuscation for dummies? ›
Code Obfuscation is the process of modifying an executable so that it is no longer useful to a hacker but remains fully functional. While the process may modify actual method instructions or metadata, it does not alter the output of the program.
Single Letter Variable Names
If you call your variables a, b, c, then it will be impossible to search for instances of them using a simple text editor. Further, nobody will be able to guess what they are for.
Is obfuscation the same as encryption? ›
Encryption provides confidentiality for sensitive information by converting code into ciphertext, making it unreadable to anyone who does not have the decryption key. Obfuscation, on the other hand, does not provide confidentiality, as the code remains in a readable form, just more difficult to understand.
What is malware obfuscation? ›
Malware obfuscation is the act of making the code of a program hard to discover or understand—by both humans and computers—but without changing how the program works. The goal is not just to make a program unreadable, but to hide its presence completely.
How do attackers use obfuscation? ›
Obfuscation is a technique commonly used by malware writers to transform the regular code into a human unreadable form which causes more complexity in static detection [38] and analysis. Obfuscation generally hides the code and increases the complexity in order to evade detection.
What is the fallacy of obfuscation? ›
It allows you to say "you're wrong" but leaves the other person thinking you said "you're right". Deliberately clouding the message to help press home a point or to avoid answering a difficult question means you are committing the Obfuscation Fallacy.
What are the 3 methods for protecting your device from malware? ›
How to prevent malware
- Keep your computer and software updated. ...
- Use a non-administrator account whenever possible. ...
- Think twice before clicking links or downloading anything. ...
- Be careful about opening email attachments or images. ...
- Don't trust pop-up windows that ask you to download software. ...
- Limit your file-sharing.
The tools that can be used to obfuscate malware code are PEID and UPX. Both tools are used to pack executable files, making them harder to detect by antivirus software. PEID, also known as PEiD, is a program that can analyze portable executable (PE) files and detect if they are packed with a particular type of packer.
What are the best practices for obfuscation? ›
3. Prefer using irreversible data obfuscation techniques. Hiding information is pointless if the persons who seize it can reverse-engineer the process and decrypt it using a key or a tool. So, it's best to adopt irreversible methods of data obfuscation like data masking or data anonymization.
