Security Incidents mailing list archives

Re: Possible Mail server compromise ?


From: Valdis.Kletnieks () vt edu
Date: Wed, 20 Feb 2008 12:11:18 -0500

On Tue, 19 Feb 2008 21:14:46 EST, Jon Oberheide said:
> I'm not sure how n.runs implements their system, but our system uses Xen
> VMs for the detection engines.  When it is determined that a piece of
> malware has exploited the AV software (through non-whitelisted process
> spawning, any network activity, or other unexpected system behavior),

That is, of course, assuming you don't get blue-pilled before you realize that
it's been exploited.  Running in a VM helps a *lot*, but it does *not*
guarantee that nothing will get loose (and notice that a clever malware can
simply redpill detect that it's running in a VM, and do nothing malicious until
it detects that it's on a real machine - malware has a *long* tradition of
detecting and evading if it's running under a debugger...

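The exchange above describes a VM-hosted detection engine that flags a sample as having exploited the AV software when it causes a non-whitelisted process spawn or any network activity, and a reply pointing out that a VM-aware sample may simply stay quiet. The following is an added example, not code from the thread or from either poster's system: a small policy evaluator over constructed sandbox event lines that implements those two criteria and, reflecting the reply's caveat, reports "no behaviour observed" as a distinct outcome from "no violations" rather than calling a silent sample clean. The log format, field names, process names and whitelist are all assumptions made for the example.

```python
"""Added example: sandbox verdict engine over constructed event lines.
Log format, field names and the whitelist are assumptions, not anything
the thread's posters describe in detail."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed/hypothetical: child processes the scanning engine is allowed
# to spawn while handling a sample (decompressors, helper scripts).
ALLOWED_CHILDREN = {"unzip", "sh", "clamscan"}


@dataclass(frozen=True)
class Event:
    kind: str    # "spawn", "net" or "file" (constructed event kinds)
    actor: str   # process that generated the event
    detail: str  # child name, remote endpoint, or file path


def parse_line(line: str) -> Optional[Event]:
    """Parse one constructed line of the form 'kind key=value key=value'."""
    parts = line.split()
    if not parts:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return Event(kind=parts[0], actor=fields.get("actor", "?"),
                 detail=fields.get("detail", ""))


def parse_log(text: str) -> List[Event]:
    return [ev for ln in text.splitlines() if (ev := parse_line(ln))]


def classify(event: Event) -> Optional[str]:
    """Return a reason if the event violates the sandbox policy, else None.

    Mirrors the two explicit criteria in the thread: a process spawn that
    is not on the whitelist, and any network activity at all.
    """
    if event.kind == "spawn" and event.detail not in ALLOWED_CHILDREN:
        return f"non-whitelisted process spawned by {event.actor}: {event.detail}"
    if event.kind == "net":
        return f"network activity from {event.actor} to {event.detail}"
    return None


def verdict(events: Iterable[Event]) -> Dict[str, object]:
    """Summarise a scan run.

    status is one of:
      exploited              - at least one policy violation
      no_violations          - activity seen, none of it violating policy
      no_behaviour_observed  - nothing happened at all; a VM-aware sample
                               that goes quiet looks exactly like this, so
                               it is deliberately NOT reported as clean.
    """
    events = list(events)
    reasons = [r for e in events if (r := classify(e))]
    if reasons:
        status = "exploited"
    elif events:
        status = "no_violations"
    else:
        status = "no_behaviour_observed"
    return {"status": status, "reasons": reasons, "event_count": len(events)}


# Constructed sample run: the engine legitimately unpacks an archive, then
# the sample coerces it into spawning a shell that phones home.
SAMPLE_LOG = """\
spawn actor=avengine detail=unzip
file actor=avengine detail=/tmp/scan/sample.zip
spawn actor=avengine detail=cmd.exe
net actor=cmd.exe detail=203.0.113.7:80
"""

if __name__ == "__main__":
    result = verdict(parse_log(SAMPLE_LOG))
    print(result["status"])
    for reason in result["reasons"]:
        print(" -", reason)
```

Run as-is it prints `exploited` followed by the two violations; feed it an empty run and the status is `no_behaviour_observed`, which is the signal a defender should treat as "inconclusive, re-run on bare metal or a less detectable environment" rather than as a pass.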

