informIT: Modern Malware

[Gary McGraw <gem () cigital com>]

hi sc-l,

The tie between malware (think zeus and stuxnet) and broken software of the sort we work hard on fixing is difficult 
for some parts of the market to fathom.  I think it's simple: software riddled with bugs and flaws leads directly to 
the malware problem.   No, you don't use static analysis to "find malware" as the AT&T guys sometimes think…you use it 
to find the kinds of bugs that malware exploits to get a toehold on target servers.  One level removed, but a clear 
causal effect.

Malware is something Cigital has been thinking and writing about for many years.  This month's informIT column takes a 
walk down memory lane and then fast forwards to today.

Modern Malware<http://www.informit.com/articles/article.aspx?p=1695979> (March 22, 2011)

This month's article is the latest in a series I have been publishing for over 5 years.  You can find all of the 
articles here: http://www.cigital.com/~gem/writings/

Incidentally, a Justice League blog entry featuring the malware article also includes a pointer to a video produced by 
Dasient about the malware problem.  See http://www.cigital.com/justiceleague/

gem

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________