Black Hat talk to reveal analysis of hacker fingerprints

He has found that these fingerprints last a long time. Once written, the binaries themselves are altered only infrequently, so employing these fingerprints as malware signatures will be more useful for longer periods. "The bad guys don't change their code that often," Hoglund says.

A traditional antivirus platform identifies variants of malware. This research can anchor a new form of intrusion detection that analyzes malware deeply to find these fingerprints and to assign it to a threat group based on the intent of the malware, he says.

For instance, if the malware is designed to steal credit card numbers from individuals, a corporation might rank it as a lower threat to the corporation than malware that seeks to steal the company's intellectual property, he says.

"You are not going to succeed in keeping the bad guys out of your network," Hoglund says. "But if you can detect them as early as possible, you can prevent losses."

During his talk, Hoglund says he will exhibit graphs that cluster half a million pieces of malware his team has examined on a graph according to how closely their fingerprints match. He says he hopes to demonstrate that the sources of these 500,000 examples number relatively low -- in the hundreds rather than the thousands, he says.