Dailydave mailing list archives

Re: We got owned by the Chinese and didn't even get a "lessons learned"


From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Wed, 24 May 2006 15:24:09 +0200


Dave Aitel wrote:
> /.../
>
> So essentially, the only part of network security that protected you
> against this was a human component. Some random dude got suspicious and
> picked it up. Perhaps this was the thousandth time it was used. It
> certainly wasn't the first.

This is so true. And let's think what would have happened if they had used some
more sophisticated communication channel? And what if they had used slightly
more advanced stealth technology to hide the backdoor? And what if they had
sent only a few malicious Word files instead of thousands? Would anybody
ever have noticed them? How smart (or lucky) would our 'random dude' have
to be in that case? How can we be sure that it hadn't happened long before?

So, I'm quite curious what kind of (mature) products we have today to
detect advanced malware on the Windows/x86-32 platform? Only please do not
mention hidden file, registry and process detectors (and don't even try
thinking about signature detectors)... Anybody? (This is not a
rhetorical question, I really am curious!)

cheers,
joanna.

