Lastline Labs

Marco Cova

Marco is a security researcher at Lastline. He is interested in most areas of systems security, but these days he deals mostly with web-based malware analysis and detection. He received his PhD in Computer Science from the University of California, Santa Barbara, and has published more than 25 papers in leading conferences and journals. He also led the design and development of Wepawet (http://wepawet.cs.ucsb.edu/), a publicly available service for the analysis of malicious web pages.
Recent Posts

Evasive JScript

Posted by Marco Cova on 11/3/16 12:44 PM

One of the characteristics of malware that we follow closely is its use of evasion techniques; that is, techniques that the malware uses to hide its true malicious nature from traditional sandboxes, until it reaches a specific target machine. In other posts, we have discussed the adoption of different evasive techniques in binary programs, and, more recently, we have looked at the use of evasion in malicious Office documents through VBA macros. Here we examine the use of evasion in JScript scripts.

Topics: evasive jscript, VBA Macros, ECMAScript, COM Object Emulation Detection, Timebombs, stalling code, Execution Environment

A Pipeline for Scalable Analysis Capability

Posted by Marco Cova on 4/16/14 12:35 PM

An area where we spend quite some effort here at Lastline is scaling up our malware analysis capabilities, that is, our ability to analyze (potentially) malicious artifacts, such as binaries, documents, and web pages. This is a very important area that affects not only our internal/backend operations, but also the data that our users see on their network (and the quality of this data).

Topics: Machine Learning, Advanced Malware Detection
