Slashdot Mirror


A New Approach to Mutating Malware

mandelbr0t writes "CBC is reporting that researchers at Penn State University have discovered a new method of fighting malware that better responds to mutations. From the article: 'The new system identifies a host computer with a high rate of homogeneous connection requests, and blocks the offending computer so no worm-infected packets of data can be sent from it.' This is a change from previous methods, which compared suspected viruses against known signatures. Mutations in malware took advantage of the time delay between the initial infection and the time taken by the anti-virus system to update its known signatures. This new system claims to be able to recognize new infections nearly instantly, and to cancel the quarantine in case of false alarm."

9 of 80 comments

  1. a high rate of homogeneous connection requests by HTH+NE1 · · Score: 4, Funny

    The new system identifies a host computer with a high rate of homogeneous connection requests, and blocks the offending computer so no worm-infected packets of data can be sent from it.
    Great, so I happen to spend a whole day on the computer doing nothing but playing one first-person shooter and I'll get cut off from the net? Did this idea come from Korea?
    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  2. What about wanted high rate requests? by Dark+Kenshin · · Score: 2, Funny

    ... or is porn just an actively sought out form of malware?

    --
    "I only know 2 things: The love for me, and the fear of me."
  3. Re:From TFA ... by LiquidCoooled · · Score: 4, Funny

    Perhaps it performs its detection based upon the evil bit.

    --
    liqbase :: faster than paper
  4. Huh? by EvanED · · Score: 2, Funny

    I wish the article didn't pretty much suck...

    This is the webpage for the Cyber Security Lab. I don't see anything about this on there, but a Google search for Proactive Worm Containment brings up this presentation.

  5. high rate of homogeneous connection requests by Anonymous Coward · · Score: 5, Funny

    I don't see what anyone's sexuality or promiscuity should matter. Live and let live.

    1. Re:high rate of homogeneous connection requests by Dirtside · · Score: 4, Funny

      Maybe it's a "Don't ACK, don't tell" policy.

      --
      "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
  6. Simple fix by Quiet_Desperation · · Score: 2, Funny

    Hunt down the authors and cut their balls off. Publicly. People underestimate the visual deterrent power of a Bowie knife taken to some testicles.

    Seriously, we need to start SOLVING problems in this world, and you don't solve problems without leaving at least a few asses in a well kicked state.

    Sorry, but welcome to the human race.

  7. Re:Safemaker, Safebreaker by mikiN · · Score: 2, Funny

    ...like the Kuang Grade Mark 11...

    --
    The Hacker's Guide To The Kernel: Don't panic()!
  8. ping by Anonymous Coward · · Score: 1, Funny

    So what if I DoS 127.0.0.1?