Security Basics mailing list archives
Re: Malware detection
From: Vic Vandal <vvandal () well com>
Date: Thu, 19 Jul 2012 06:07:19 -0700 (PDT)
I typed up the following response to Tony's initial email, and then before sending noticed that John had already replied with a VERY similar message. Here's my copied verbiage (below) for added measure.

I'll also piggyback on something John stated that I didn't in my original text. John said "no solution is 100% effective". Agreed in full. That's where practice with and usage of multiple tools (hopefully free ones for the most part) can help. In small environments, or where you have suspicions that a machine is infected, you can do manual analysis, which may reveal brand new malware that no tool is currently picking up. And defense-in-depth is always a good plan.

Anyway, here's my original response:

I'm not professionally endorsing any products, but I'll state that MalwareBytes (free or Pro version) should be able to detect (and eradicate) those trojans, without impacting your production machines (beyond the need for a quick reboot in some cases to complete the cleanup job). You can postpone the reboot (where required). There absolutely are other products (e.g., ComboFix) that will render your production machines completely unusable while scanning, which is obviously what you're hoping to avoid.

Then there are network-based products which detect and report on suspect Internet connections to/from botnet C&C servers, as well as the download of trojan keystroke loggers, rootkits, etc. Those could alert to the presence of such malware along with the infected production machine identification. Again, not endorsing any products, but (if you have some budget and work cycles to spare) you can look at things like FireEye, TMS (Trend), WildFire (Palo Alto), MetaFlows, etc.
Peace,
Vic (lifetime malware hater)

----- Original Message -----
From: "John Hebert" <jhebert () bizdps com>
To: "ricky rap28" <ricky.rap28 () gmail com>, listbounce () securityfocus com, "Tony" <xnikod () gmail com>, security-basics () securityfocus com
Sent: Wednesday, July 18, 2012 1:31:20 PM
Subject: RE: Malware detection
-----Original Message-----
From: ricky alwi [mailto:ricky.rap28 () gmail com]
Sent: Wednesday, July 18, 2012 1:03 PM
To: John Hebert; listbounce () securityfocus com; Tony; security-basics () securityfocus com
Subject: Re: Malware detection

John Hebert,
What if the system is using Windows Server 2003 R2? My office is using this system.
Keeping in mind that the "best" solution changes as technology changes, and that no solution is 100% effective (other than a reformat of a computer), try to find one that's consistently a top performer and doesn't have a reputation for slowing down the computer. Most vendors offer free trials, and I'd highly recommend making use of those options to find one that works well with your business applications. What works for one company may or may not work as well for another.

My recommendation would be to look at Kaspersky. It detects not only existing malware that might be on the computer, but works to fight infections as/before they happen. If you're looking for something to inspect on-demand, take a look at MalwareBytes. You may be familiar with their free tool, but they have corporate licensing available as well.

That being said, it's really only part of the equation. The trojans do need to communicate with someone, somewhere, so having some sort of network traffic filtering and monitoring in place to look for odd behavior should be a to-do item. That way, even if one of your systems becomes infected, it's an extra check in place to notice and hopefully prevent it from communicating with the control server(s).
Thx before.

Regards,
Ricky

Sent from my BlackBerry(r) via Smart 1x / EVDO Network. Smart.Hebat.Hemat.
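The network-side check John describes above (an infected host still has to reach its control server, so the traffic is an extra place to notice it) can be made concrete. The following is an added example, not code from anyone on this thread; the connection-log format and the sample lines are constructed, and it flags hosts whose outbound connections to one destination recur at a near-fixed interval, the check-in pattern that scheduled malware traffic tends to show.

```python
"""Beacon detector over constructed outbound-connection log lines.

Added example (not from the mailing-list thread). Near-fixed-interval
outbound connections from one host to one destination stand out against
ordinary browsing. The log format and the sample lines are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines: "<timestamp> <src_ip> -> <dst_ip>:<port>"
SAMPLE_LOG = """\
2012-07-18T13:00:00 10.0.0.5 -> 203.0.113.7:443
2012-07-18T13:00:01 10.0.0.8 -> 198.51.100.2:80
2012-07-18T13:05:00 10.0.0.5 -> 203.0.113.7:443
2012-07-18T13:07:41 10.0.0.8 -> 198.51.100.9:80
2012-07-18T13:10:01 10.0.0.5 -> 203.0.113.7:443
2012-07-18T13:15:00 10.0.0.5 -> 203.0.113.7:443
2012-07-18T13:16:12 10.0.0.8 -> 198.51.100.2:80
2012-07-18T13:20:00 10.0.0.5 -> 203.0.113.7:443
"""

def parse_log(text):
    """Return {(src, dst:port): [datetime, ...]} for every well-formed line."""
    conns = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue  # skip malformed lines rather than abort the whole scan
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        conns[(parts[1], parts[3])].append(ts)
    return conns

def find_beacons(text, min_hits=4, max_jitter=0.1):
    """Flag (src, dst) pairs whose inter-connection gaps are near-constant.

    max_jitter is the allowed stddev/mean ratio of the gaps: browsing gives
    irregular gaps, a scheduled check-in gives regular ones. Returns a
    sorted list of (src, dst, mean_gap_seconds).
    """
    hits = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, avg))
    return sorted(hits)
```

A flagged pair is a lead for the manual analysis Vic mentions, not proof of infection; some legitimate agents poll on a schedule too, so the candidate host and destination still need to be looked at.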