Fighting malware and spam

Real-time multilanguage threat descriptions using an intelligent template system

Oliver Auerbach, Cosmin Ancuta, Robert Harja Avira

During the last few years detailed threats descriptions have become more important than ever. In particular, companies invest large amounts of money and effort in order to have the latest descriptions on their web pages. These analyses vary from phishing to vulnerabilities and special product detection, but they are mainly used for certain viruses such as worms, backdoors, trojans, spyware or adware, and similar.

Since it requires a significant effort to create those descriptions and it takes a lot of time to write one from scratch over and over again, it is a common procedure to use templates. Such templates offer the possibility to select the parts someone would like to use in the description he is currently working on. However, they have to be individualized in order to fit the specific threat characteristics.

Another problem that arises after finalizing a description is the translation into different languages. This will entail more expense and effort, but the highest cost is, in fact, associated with the amount of time necessary for translations, since such descriptions are somehow critical and the sooner they appear the better.

This paper describes how we managed to solve all the problems mentioned above. Using an intelligent and dynamically extensible template system, we are able to create detailed descriptions. It includes a careful template design, which addresses various details, including the singular-plural difference or the different size-dependent display of listings, to name only a few examples. The main benefit, however, remains the fact that multilanguage descriptions become available in real time, no matter the number of languages implemented in the system.