Secure Coding mailing list archives

Re: informIT: Modern Malware


From: "Kevin W. Wall" <kevin.w.wall () gmail com>
Date: Sat, 26 Mar 2011 14:04:29 -0400

On 03/26/2011 01:12 PM, Gunnar Peterson wrote:
> Advanced = goes through firewall
> Persistent = tried more than once
> Threat = people trying to get into valuable stuff
>
> Nothing new to sc-l readers, but a reasonably good marketing term esp. by infosec standards (yay we get to scare
> business people with something other than an auditor's clipboard!); really it's all just the collective sound of
> infrastructure security people coming to grips with the fact that their firewall isn't a wall at all, but rather a
> series of holes.

Uh..., doesn't *most* malware go through firewalls nowadays? So how is that
"advanced"?

In reality, "advanced" as used with APT means malware that was clever
enough to evade our normal AV defenses and socially engineer its way past
the common sense of those humans who wanted to see the "dancing pigs".

In short, APT is spin-doctoring for getting caught with one's pants down.

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________