Full Disclosure mailing list archives
detecting targeted malware
From: "lsi" <stuart () cyberdelix net>
Date: Mon, 22 Jan 2007 12:42:43 -0000
This is probably patented and implemented already but nonetheless it's a new idea for me, so I mention it...

While mass-produced malware remains an issue for most users, a significant threat is also posed by malware customised for a specific victim (so called 'targeted malware'). This threat is potentially worse as an organisation cannot rely on traditional AV or anti-spyware scanners to detect the targeted malware; as the malicious code is customised it does not have an entry in AV/AS signature databases.

Despite this, detecting customised code should be easy. All that's needed is a scanner. It simply finds every piece of executable code on a system. It then compares each piece with its list of known-good executables. Any executable that is found but is not on the list is an intruder.

This approach takes advantage of the fact that, unlike spam, we can make a list of all our known-good items.

Stu

---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/
---
* Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
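The known-good-list scanner the post sketches, written out as an added example (not code from the post or its author): it hashes every executable under a root on a machine believed clean, then reports any executable whose content hash is absent from that baseline. The directory tree, file contents and the `.exe`/`.dll` suffix heuristic are constructed for the demo.

```python
import hashlib
import os
import stat
import tempfile

EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".com"}  # Windows-style; POSIX uses the exec bit


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()


def is_executable(path):
    if os.path.splitext(path)[1].lower() in EXEC_SUFFIXES:
        return True
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def iter_executables(root):
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            if not os.path.islink(p) and is_executable(p):
                yield os.path.relpath(p, root).replace(os.sep, "/"), p


def build_baseline(root):
    # Keyed by content hash, not filename: a trojaned file under a trusted name is still flagged.
    return {sha256_of(p): rel for rel, p in iter_executables(root)}


def scan(root, baseline):
    # Every executable whose hash is absent from the known-good list is reported as an intruder.
    return sorted(rel for rel, p in iter_executables(root) if sha256_of(p) not in baseline)


def demo():
    # Constructed sample tree: baseline a clean system, then add a new binary and alter a known one.
    root = tempfile.mkdtemp()
    def put(rel, data):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    put("bin/notepad.exe", b"MZ good notepad")
    put("bin/helper.dll", b"MZ good helper")
    put("docs/readme.txt", b"plain data, never scanned")
    baseline = build_baseline(root)
    put("tmp/update.exe", b"MZ custom implant")        # new executable, not in the list
    put("bin/helper.dll", b"MZ good helper, patched")  # trusted name, changed content
    return scan(root, baseline)
```

The baseline must be captured on a machine believed clean and stored where the same attacker cannot edit it, or the list simply learns the intruder. Scripts, macros and code injected into a running process without landing on disk as a separate file fall outside this file-level check.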
Current thread:
- detecting targetted malware lsi (Jan 22)
- Re: detecting targetted malware 3APA3A (Jan 22)
- Re: detecting targetted malware kevin fielder (Jan 22)
- Re: detecting targetted malware Nick FitzGerald (Jan 22)
- <Possible follow-ups>
- Re: detecting targetted malware Randall M (Jan 22)
- Re: detecting targetted malware Randall M (Jan 22)