"Detecting and Grouping Malware Using Section Hashes"

As technological advancement continues to accelerate, nation-states and unaffiliated individuals are quickly developing new malicious computer viruses to exploit computer system vulnerabilities and achieve their political and personal goals. To protect against these attacks, cybersecurity companies use various methods to prevent malware from entering systems. Current malware detection systems scan elements in a file or evaluate the file as a whole. According to new research, other avenues exist for detecting malware, specifically by dividing the file into sections and comparing the resulting pieces. A team of researchers developed an approach involving taking a set of known malware files and using their section hashes to identify and analyze other candidate files in a malware repository. This article continues to discuss the team's approach to detecting and grouping malware. 
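The approach summarized above, sketched as an added example that is not code from the article or the research team. It assumes the files are Windows PE executables and uses SHA-256 per section; the page specifies neither. The sample files and their names are constructed, and `build_pe`, `section_hashes` and `group_candidates` are hypothetical helper names.

```python
import hashlib
import struct
from collections import defaultdict

def build_pe(sections):
    """Constructed sample input: a minimal PE-shaped blob from (name, body) pairs."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    ptr = len(dos) + len(coff) + 40 * len(sections)       # first raw-data offset
    table = bodies = b""
    for name, body in sections:
        table += struct.pack("<8sIIII16x", name, len(body), 0, len(body), ptr)
        ptr += len(body)
        bodies += body
    return dos + coff + table + bodies

def section_hashes(data):
    """Return [(section name, SHA-256 of raw bytes)], skipping empty sections."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        raise ValueError("bad PE header")
    count, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    start = pe + 24 + opt_size                            # section table offset
    if start + 40 * count > len(data):
        raise ValueError("truncated section table")
    out = []
    for off in range(start, start + 40 * count, 40):
        size, ptr = struct.unpack_from("<II", data, off + 16)
        raw = data[ptr:ptr + size]
        if raw:  # all empty sections hash alike; matching on them is noise
            name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
            out.append((name, hashlib.sha256(raw).hexdigest()))
    return out

def group_candidates(known, repo):
    """Map each repo file to the known files it shares a section hash with."""
    index = defaultdict(set)
    for fname, data in known.items():
        for _, digest in section_hashes(data):
            index[digest].add(fname)
    hits = {f: set().union(*(index.get(d, set()) for _, d in section_hashes(b)))
            for f, b in repo.items()}
    return {f: m for f, m in hits.items() if m}

# Constructed sample data: cand_1 reuses the known file's .rsrc section only.
RSRC = b"CONSTRUCTED-ICON" * 4
KNOWN = {"known_a.bin": build_pe([(b".text", b"\x55\x8b\xec" * 20), (b".rsrc", RSRC), (b".bss", b"")])}
REPO = {"cand_1.bin": build_pe([(b".text", b"\x90" * 64), (b".rsrc", RSRC)]),
        "cand_2.bin": build_pe([(b".text", b"\xcc" * 64), (b".bss", b"")])}
```

A whole-file hash would not link `cand_1.bin` to the known sample, because its `.text` section differs; the shared `.rsrc` hash does.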

Software Engineering Institute - Carnegie Mellon University reports "Detecting and Grouping Malware Using Section Hashes"

Submitted by Anonymous on