Message-ID: <45B4B143.31827.4B9D873@stuart.cyberdelix.net>
Date: Mon, 22 Jan 2007 12:42:43 -0000
From: "lsi" <stuart@...erdelix.net>
To: Full-disclosure@...ts.grok.org.uk
Subject: detecting targetted malware
This is probably patented and implemented already but nonetheless it's
a new idea for me, so I mention it...

While mass-produced malware remains an issue for most users, a
significant threat is also posed by malware customised for a specific
victim (so-called 'targeted malware'). This threat is potentially
worse as an organisation cannot rely on traditional AV or anti-spyware
scanners to detect the targeted malware; as the malicious code is
customised it does not have an entry in AV/AS signature databases.

Despite this, detecting customised code should be easy. All that's
needed is a scanner. It simply finds every piece of executable code
on a system. It then compares each piece with its list of known-good
executables. Any executable that is found but is not on the list is
an intruder.

This approach takes advantage of the fact that, unlike spam, we can
make a list of all our known-good items.
Stu
---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/
---
* Origin: lsi: revolution through evolution (192:168/0.2)
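The scanner Stuart sketches above, as an added example that is not code from the original post: it walks a directory tree, identifies executables by their leading magic bytes rather than by file extension (so a renamed binary is still found), hashes each one with SHA-256, and reports every executable whose hash is not on the known-good list. The sample tree it scans is constructed inline from stand-in byte strings, not real binaries; the function and file names are assumptions made for the example.

```python
import hashlib
import os
import shutil
import tempfile

# Magic bytes that mark common executable formats; checked instead of the
# file extension so a renamed binary is still found.
EXECUTABLE_MAGIC = (
    b"\x7fELF",            # ELF (Linux, BSD)
    b"MZ",                 # PE / DOS (Windows .exe, .dll, .sys)
    b"\xcf\xfa\xed\xfe",   # Mach-O 64-bit
    b"\xce\xfa\xed\xfe",   # Mach-O 32-bit
    b"\xca\xfe\xba\xbe",   # Mach-O universal binary
    b"#!",                 # interpreter scripts
)


def is_executable(path):
    """True if the file starts with one of the known executable signatures."""
    with open(path, "rb") as f:
        head = f.read(4)
    return any(head.startswith(magic) for magic in EXECUTABLE_MAGIC)


def sha256_of(path):
    """Hash the file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_executables(root):
    """Yield every regular file under root that looks like executable code."""
    for dirpath, _dirs, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            # Skip symlinks so one binary is not counted twice and no link leads out of root.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                if is_executable(path):
                    yield path
            except OSError:
                continue  # unreadable file: worth reporting separately, but do not abort the scan


def build_baseline(root):
    """Known-good list: hash -> path for every executable present at baseline time."""
    return {sha256_of(path): path for path in find_executables(root)}


def scan(root, known_good):
    """Return [(relative path, sha256)] for executables not on the known-good list.
    A new file and a modified known file both appear, since either changes the hash."""
    unknown = []
    for path in find_executables(root):
        digest = sha256_of(path)
        if digest not in known_good:
            unknown.append((os.path.relpath(path, root).replace(os.sep, "/"), digest))
    return unknown


def demo():
    """Constructed sample tree (stand-in bytes, not real binaries): baseline two
    executables, then add an unlisted one and modify one of the originals."""
    root = tempfile.mkdtemp(prefix="allowlist-demo-")
    try:
        bindir = os.path.join(root, "bin")
        os.mkdir(bindir)
        with open(os.path.join(bindir, "ls"), "wb") as f:
            f.write(b"\x7fELF" + b"\x00" * 60)       # stand-in for a known-good ELF
        with open(os.path.join(bindir, "helper.exe"), "wb") as f:
            f.write(b"MZ" + b"\x90" * 62)             # stand-in for a known-good PE
        with open(os.path.join(root, "README.txt"), "wb") as f:
            f.write(b"plain text, not code")          # must never be reported

        known_good = build_baseline(root)
        assert scan(root, known_good) == []           # clean system: nothing flagged

        # An executable with no entry on the list arrives under an innocent-looking name...
        with open(os.path.join(root, "notes.dat"), "wb") as f:
            f.write(b"MZ" + b"\x41" * 200)
        # ...and a known-good binary is altered in place.
        with open(os.path.join(bindir, "ls"), "ab") as f:
            f.write(b"\x42")

        return sorted(path for path, _digest in scan(root, known_good))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for flagged in demo():
        print("not on known-good list:", flagged)
```

Two practical points follow from the hash comparison. Every legitimate patch changes a binary's hash, so the known-good list has to be regenerated from a trusted source after each update or the scanner will flag the organisation's own software; and because the list is keyed by content rather than name, it also catches a known file that has been altered in place, which a name-based list would miss. The scan covers code on disk only; it says nothing about what is currently running in memory.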
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/