bolzano_1989

I have read this paper: www.loria.fr/~athierry/docs/Recon2012-recognition-binary-patterns.pdf

Could you tell me how do you identify common subroutines come from standard libraries that do not need to be reversed in a malware sample? How do you do that in IDA or other tools?

Usually, how do you spot functions writen by a malware author :) ? What are the difference or signs for you to regconize?