Adobe open sources Malware Classifier tool
Adobe has open sourced a tool for analysing and classifying malware to help security first responders, including malware analysts and security researchers. Called "Adobe Malware Classifier", the command-line tool is written in Python and was originally created for internal use by the Adobe Product Security Incident Response Team (PSIRT) "for quick malware triage".
According to its creator, Karthik Raman, an Adobe security researcher and former research scientist at McAfee Labs, the tool uses machine learning algorithms to classify Win32 binaries, such as Windows executables (EXEs) and dynamic link libraries (DLLs), into one of three categories: "0" for clean, "1" for malicious and "UNKNOWN".
Malware Classifier works by extracting "seven key features" from an unknown binary and feeding them into one or all of the classifiers, after which it presents its results. "The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a data set of approximately 100,000 malicious programs and 16,000 clean programs," added Raman.
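The pipeline described above, sketched as an added example (not Adobe's code): it reads four PE32 header fields, runs them through one or all of several rule sets, and reports 0, 1 or UNKNOWN. The chosen fields, the rule thresholds, the `make_pe` helper and the agree-or-UNKNOWN combination are assumptions made for illustration; the article does not name the seven features or the models' rules.

```python
import struct

def pe_features(data: bytes) -> dict:
    """Read four PE32 header fields (illustrative picks, not the tool's seven)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew -> PE signature
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                                     # signature (4) + COFF header (20)
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) is handled here")
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]   # NumberOfRvaAndSizes
    def dir_size(i):                                  # Size field of data directory i
        return struct.unpack_from("<I", data, opt + 100 + 8 * i)[0] if i < ndirs else 0
    return {"sections": struct.unpack_from("<H", data, pe + 6)[0],
            "image_version": struct.unpack_from("<H", data, opt + 44)[0],
            "resource_size": dir_size(2), "debug_size": dir_size(6)}

# Hypothetical stand-ins for the trained models; every threshold here is invented.
RULES = {
    "A": lambda f: 0 if f["debug_size"] > 0 else 1,
    "B": lambda f: 0 if f["image_version"] > 0 or f["resource_size"] > 0x1000 else 1,
    "C": lambda f: 1 if f["sections"] < 3 and f["debug_size"] == 0 else 0,
}

def classify(data: bytes, which=None):
    """Run one named rule set or all of them; assumption: disagreement -> 'UNKNOWN'."""
    feats = pe_features(data)
    votes = {rule(feats) for name, rule in RULES.items() if which in (None, name)}
    return votes.pop() if len(votes) == 1 else "UNKNOWN"

def make_pe(sections, image_version, resource_size, debug_size) -> bytes:
    """Build a header-only PE32 image (constructed sample, not a real binary)."""
    buf = bytearray(0x40 + 24 + 224)                  # DOS stub + COFF + optional header
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x46, sections)
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<H", buf, opt + 44, image_version)
    struct.pack_into("<I", buf, opt + 92, 16)
    struct.pack_into("<I", buf, opt + 100 + 8 * 2, resource_size)
    struct.pack_into("<I", buf, opt + 100 + 8 * 6, debug_size)
    return bytes(buf)
```

A three-way verdict of this kind lets a triage queue route only the disagreements to an analyst instead of trusting any single model.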