|
Full Disclosure
mailing list archives
detecting targetted malware
From: "lsi" <stuart () cyberdelix net>
Date: Mon, 22 Jan 2007 12:42:43 -0000
This is probably patented and implemented already but nonetheless its
a new idea for me, so I mention it...
While mass-produced malware remains an issue for a most users, an
significant threat is also posed by malware customised for a specific
victim (so called 'targetted malware'). This threat is potentially
worse as an organisation cannot rely on traditional AV or anti-
spyware scanners to detect the targetted malware; as the malicious
code is customised it does not have an entry in AV/AS signature
databases.
Despite this, detecting customised code should be easy. All that's
needed is a scanner. It simply finds every piece of executable code
on a system. It then compares each piece with its list of known-good
executables. Any executable that is found but is not on the list is
an intruder.
This approach takes advantage of the fact that, unlike spam, we can
make a list of all our known-good items.
Stu
---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/
---
* Origin: lsi: revolution through evolution (192:168/0.2)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- detecting targetted malware lsi (Jan 22)
|
Intro
