Honeypots: Re: sebek as a patch?

From: Edward Balas <ebalas_at_iu.edu>
Date: Fri, 07 Oct 2005 07:18:58 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel J. Axtens wrote:

>>Possible, but not very practical.
>
>I thought there might be some problems with that approach :)
>
>Another approach I thought of was to hide the module the same way the
>adore worm is hidden - but this would still be vulnerable to pattern
>matching. Perhaps encryption is the way to go - the only problem then
>is that you need a decryptor, which is then *itself* vulnerable to
>pattern matching.
>
>Maybe we should look to the enemy for solutions: could polymorphic
>virus techniques help here?
>
>Another random (and probably useless :) idea,
>Daniel Axtens

FWIW, the original Sebek was based on Adore. Today its hiding is conceptually
similar, with the addition of some packet hiding stuff.

This is starting to sound a lot like actual work, and makes me wonder if we
are putting a lot of effort into mitigating a threat vs a risk ;-)

Edward

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDRmeylKB5oSzVKwoRAr0PAJwMIVPBbQZOONO8smFFYbw6BCYPswCfSHsF
zZu6d323XURE+4c8OtOHQ+E=
=ClCX
-----END PGP SIGNATURE-----
Received on Oct 07 2005