Security Basics mailing list archives
Re: zeus virus
From: Todd Haverkos <infosec () haverkos com>
Date: Mon, 13 Sep 2010 11:24:02 -0500
enquiries () globalart4u com writes:
> According to the papers today a bank has been hacked and over £680k has been stolen from customers' accounts. Does anyone know which bank? Also, I understand only 10% of anti-virus / malware software can detect this zeus virus as it keeps changing. What is the best prevention currently? Is there such a thing as a smart anti-virus like the zeus that can detect these changes or are they all still static?
Preventing these goodies is tantamount to saying "how do I secure my network?" You need multiple layers and as always, there's no silver bullet.

The answer to your last question is "No, antivirus definitely won't save you." AV is dead in a lot of ways and as you've noted is of very limited help with this sort of thing. It's just too easy to evade AV with repackers, modifying the code, randomization, etc. AV is always playing catch up and processing thousands of new variants and malware samples every day. While there are AV engines with heuristic detection based on behaviors, the rub is that they can be prone to false positives.

Network and host based IDS have a shot at detecting the network activity the botnet generates... but are also evade-able with similar techniques.

Damballa (damballa.com) has an intriguing solution that leverages their research and knowledge of various botnets' command and control to detect Zeus and other botnet activity. Their aim is at large corporate environments though, and you'll need your checkbook. :-)

To prevent initial infection, you will need strong patch management, strong security configuration on your endpoints, and user training to be doing a best practices job at managing the risk of modern malware like Zeus.

Application whitelisting is also a technology worth looking into, but there are limited places where it makes much sense without becoming a maintenance nightmare.

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/