Full Disclosure mailing list archives
Re: detecting targetted malware
From: "Randall M" <randallm () fidmail com>
Date: Mon, 22 Jan 2007 19:41:14 -0600
[
[----------------------------------------------------------------------
[
[Message: 1
[Date: Mon, 22 Jan 2007 12:42:43 -0000
[From: "lsi" <stuart () cyberdelix net>
[Subject: [Full-disclosure] detecting targetted malware
[To: Full-disclosure () lists grok org uk
[Message-ID: <45B4B143.31827.4B9D873 () stuart cyberdelix net>
[Content-Type: text/plain; charset=US-ASCII
[
[
[While mass-produced malware remains an issue for most users, a
[significant threat is also posed by malware customised for a specific
[victim (so called 'targetted malware'). This threat is potentially
[worse as an organisation cannot rely on traditional AV or
[anti-spyware scanners to detect the targetted malware; as the malicious
[code is customised it does not have an entry in AV/AS signature
[databases.
[
[Despite this, detecting customised code should be easy. All that's
[needed is a scanner. It simply finds every piece of executable code
[on a system. It then compares each piece with its list of known-good
[executables. Any executable that is found but is not on the list is
[an intruder.
[
[***********************************************

Lsi,

You hit it right on the head. There are some scanners out there doing something similar. What you made me think about though is "Customized" Company proprietary scanners. At my place of work we "clone" the workstations. "We" know what is there. A central scanning solution with an "ok" list audits the workstations. Unusual programs are flagged and station sent to "holding" then IT alerted!

WOW this is getting so Star Trek! I want one!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
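
The audit discussed in this thread (find every executable, compare it against a known-good list built from the cloned image, flag the rest), as an added example that is not code from either poster. The magic-byte list, the function names and the use of SHA-256 are assumptions made for the illustration.

```python
import hashlib
import os

# Assumed markers of executable content: PE, ELF, script shebang.
MAGIC = (b"MZ", b"\x7fELF", b"#!")

def is_executable(path):
    """Classify by content and mode bits, not by file extension."""
    try:
        mode = os.stat(path).st_mode
        with open(path, "rb") as f:
            head = f.read(4)
    except OSError:
        return True  # unreadable: cannot rule it out, so let the audit flag it
    return head.startswith(MAGIC) or bool(mode & 0o111)

def sha256_file(path):
    """Return the file's SHA-256 hex digest, or None if it cannot be read."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
    except OSError:
        return None
    return h.hexdigest()

def find_executables(root):
    """Yield every regular file under root that looks like executable code."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and is_executable(path):
                yield path

def build_baseline(root):
    """Hash every executable on the reference (cloned) image."""
    return {d for d in map(sha256_file, find_executables(root)) if d}

def audit(root, known_good):
    """Return executables whose hash is not on the known-good list."""
    return sorted(p for p in find_executables(root)
                  if sha256_file(p) not in known_good)
```

Matching on content hashes rather than file names means a modified copy of an approved program is flagged along with entirely new files.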