A New Approach to Mutating Malware

mandelbr0t writes "CBC is reporting that researchers at the Penn State University have discovered a new method of fighting malware that better responds to mutations. From the article: 'The new system identifies a host computer with a high rate of homogeneous connection requests, and blocks the offending computer so no worm-infected packets of data can be sent from it.' This is a change from previous methods, which compared suspected viruses against known signatures. Mutations in malware took advantage of the time-delay between the initial infection and the time taken by the anti-virus system to update its known signatures. This new system claims to be able to recognize new infections nearly instantly, and to cancel the quarantine in case of false alarm."

a high rate of homogeneous connection requests

[HTH+NE1]

The new system identifies a host computer with a high rate of homogeneous connection requests, and blocks the offending computer so no worm-infected packets of data can be sent from it.

Great, so I happen to spend a whole day on the computer doing nothing but playing one first-person shooter and I'll get cut off from the net? Did this idea come from Korea?

Re:From TFA ...

[LiquidCoooled]

Perhaps it performs its detection based upon the evil bit.

high rate of homogeneous connection requests

I don't see what anyones sexuality or promiscuity should matter. Live and let live.

Re:high rate of homogeneous connection requests

[Dirtside]

Maybe it's a "Don't ACK, don't tell" policy.