Stormy weather for malware defenses
Robert Lemos, SecurityFocus 2007-03-05

When the Storm Worm swept through the Internet in mid-January, the program's writers took a brute force approach to evading antivirus defenses: They created a massive number of slightly different copies of the program and released them all at the same time.

Signatures 2007-03-06
Calyptix Security
Signatures can be useful, but this shows some of their limitations. We were very successful in blocking this worm (and variants) early on without any signatures.

http://www.calyptix.com/press/2007/calyptix-pr-20070123.php

...

this is so 90's 2007-03-06
lsi
c'mon folks, I thought y'all were using generic sigs these days! Search on TVqQAAMAAA ........

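The string in the comment above is the base64 encoding of the common DOS header bytes 4D 5A 90 00 03 00 00. As an added example (not part of the thread; the helper names and sample messages are constructed for illustration), this compares a literal search for that string with decoding each MIME part and checking the MZ/PE structure:

```python
import struct
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

LITERAL = "TVqQAAMAAA"  # string from the comment: base64 of 4D 5A 90 00 03 00 00

def literal_hit(raw_message: str) -> bool:
    """The search as quoted: a plain substring match on the raw message."""
    return LITERAL in raw_message

def is_pe(data: bytes) -> bool:
    """Structural check: 'MZ' magic and e_lfanew (offset 0x3C) pointing at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def pe_attachments(raw_message: str) -> list:
    """Decode every leaf MIME part; return filenames of those that are PE files."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if not part.is_multipart() and is_pe(part.get_payload(decode=True) or b""):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def sample_header(dos_prefix: bytes) -> bytes:
    """Constructed 64-byte DOS header plus PE signature; inert, not a program."""
    dos = bytearray(0x40)
    dos[:len(dos_prefix)] = dos_prefix
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + bytes(20)

def sample_message(body: str, attachment: bytes = None, name: str = "file.bin") -> str:
    """Constructed test e-mail; MIMEApplication base64-encodes the attachment."""
    msg = MIMEMultipart()
    msg.attach(MIMEText(body))
    if attachment is not None:
        part = MIMEApplication(attachment)
        part.add_header("Content-Disposition", "attachment", filename=name)
        msg.attach(part)
    return msg.as_string()

# Constructed samples: usual stub, a different DOS stub, and text quoting the string.
COMMON = sample_message("hi", sample_header(b"MZ\x90\x00\x03\x00\x00\x00"), "a.exe")
OTHER_STUB = sample_message("hi", sample_header(b"MZ\x50\x00\x02\x00\x00\x00"), "b.exe")
QUOTED = sample_message("Search on TVqQAAMAAA to find them")
```

The literal search matches the first sample, misses the second (its header encodes as `TVpQAAIA...`), and fires on the third, which only quotes the string; the decoded structural check classifies all three correctly.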
Stormy weather for malware defenses 2007-03-07
Matthew Murphy (1 replies)
Storm demonstrates the problem of relying on threat-specific response to effectively block threats. The Storm authors obviously know what they're doing -- the "death by a thousand cuts" strategy is a way of blasting open the zero-hour protection gap that has plagued AV for years.

There needs to ...

Re: Stormy weather for malware defenses 2007-03-09
Anonymous (1 replies)
The future is the white list of resources (files, I/O, network connections) that any program/user may access, ban on everything else, thin client.

Not a big thing on unix-like systems, at least from a technical point of view. The only problem - 95% of desktops are MS Win......

Re: Re: Stormy weather for malware defenses 2007-03-20
Anonymous
That's all well and good, but it only works until your CEO tries to play bridge online and it gets blocked. Holy hell gets raised, explanations are offered and ignored, and what is arguably the system in most need of security is left wide open....

Stormy weather for malware defenses 2007-03-07
Amit
There is an interesting site called www.securitysamaritans.com which tracks the vulnerabilities in security products. As they say, your weaknesses are the same as the weaknesses in the security mechanisms, so this trend of attacking security products will tend to grow....








 

Copyright 2009, SecurityFocus