Combating Evasive Malware

A key challenge in today's malware analysis is the use of evasions, a set of techniques that malicious artifacts use to determine if they are running inside analysis environments and to evade their detection.

In this talk, we will review evasion techniques found in-the-wild in binary and web-based malware (i.e., malicious web pages). We will also present two systems that we have introduced to detect and bypass common evasion techniques used in these contexts.

The talk will leverage our experience with doing malware analysis in a commercial settings at Lastline, as well as years of experience in running two academic malware analysis systems: Anubis ( and Wepawet (

Marco Cova
Marco Cova is a member of the founding team of Lastline, Inc., where is currently a Senior Security Research, and is a Lecturer in Computer Security at the University of Birmingham, UK. He received his M.S degree in Computer Engineering from the University of Bologna, Italy, and his Ph.D. degree in Computer Science from the University of California, Santa Barbara. His research interests include most areas of systems security, with an emphasis on web-based malware analysis and detection, botnets, and vulnerability analysis. He has published more than 25 papers on these topics in leading conferences and journals. He has also led the design and development of Wepawet, a publicly-available service for the analysis of malicious web pages.