Slashdot Mirror


Shape-Shifting Malware Hits the Web

Stony Stevenson writes to tell us that in a recent interview, Marc Henauer has revealed that security researchers are falling behind now that malware is starting to be able to change its signature every few hours. "Unfortunately the know-how and construction kits used to create this shape-shifting threat are now readily available and are unleashing a wave of malware based on social engineering techniques. [...] Sweeney believes that a non rules-based monitoring process must be set up to defend all ingress and egress points covering SMTP, DNS, HTTP(s), IM etc."
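The summary's closing recommendation, monitoring ingress and egress points with a process that is not rules-based, is easiest to see on DNS logs. The block below is an added example (not code from the article or from anyone quoted in it): it builds a per-host behavioural baseline from a training window and then flags an inspection window on two signature-free signals, an hourly query volume far outside the host's own history and a burst of unique subdomains under a parent domain the host has never queried before. All hosts, domain names and the log format are constructed for illustration.

```python
"""Behavioural (non-signature) anomaly detection over DNS egress logs.

Added example, not from the article. Log format, client addresses and
domain names are constructed; nothing here is a real indicator.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed log format: "<ISO timestamp> <client-ip> <queried-name>"
def make_lines(hour, host, names):
    return [f"2008-01-01T{hour:02d}:{i % 60:02d}:00 {host} {n}"
            for i, n in enumerate(names)]

NORMAL_NAMES = ["www.example.com", "mail.example.com", "cdn.example.net",
                "update.example.org", "time.example.net"]

# Six hours of ordinary traffic from two workstations (constructed).
BASELINE_LOG = []
for _hour in range(6):
    BASELINE_LOG += make_lines(_hour, "10.0.0.5", NORMAL_NAMES[:4 + _hour % 2])
    BASELINE_LOG += make_lines(_hour, "10.0.0.6", NORMAL_NAMES[:3 + _hour % 3])

# Hour 6: 10.0.0.6 stays normal; 10.0.0.5 suddenly emits many unique
# subdomains under one never-seen parent, the shape of DNS tunnelling.
TUNNEL_NAMES = [f"c{i:04d}x{(i * 7919) % 997:03d}.c2-example.test" for i in range(40)]
WINDOW_LOG = make_lines(6, "10.0.0.5", NORMAL_NAMES[:4] + TUNNEL_NAMES)
WINDOW_LOG += make_lines(6, "10.0.0.6", NORMAL_NAMES[:4])


def parse(line):
    """Return (hour, host, normalised query name) for one log line."""
    ts, host, qname = line.split()
    return ts[11:13], host, qname.lower().rstrip(".")


def parent_domain(qname):
    """Crude registrable-domain guess: the last two labels."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def build_baseline(lines):
    """Per host: mean/stdev of hourly query counts and the parents it has used."""
    per_host_hour = defaultdict(lambda: defaultdict(int))
    known_parents = defaultdict(set)
    for line in lines:
        hour, host, qname = parse(line)
        per_host_hour[host][hour] += 1
        known_parents[host].add(parent_domain(qname))
    profile = {}
    for host, hours in per_host_hour.items():
        counts = list(hours.values())
        # Floor the stdev so a very quiet host still needs a real jump to alert.
        profile[host] = {"mean": mean(counts),
                         "stdev": max(pstdev(counts), 1.0),
                         "parents": known_parents[host]}
    return profile


def score_window(lines, profile, z=3.0, min_unique=20, unique_ratio=0.9):
    """Return (host, signal, detail) findings for one inspection window."""
    counts = defaultdict(int)
    per_parent = defaultdict(lambda: defaultdict(list))  # host -> parent -> labels
    for line in lines:
        _, host, qname = parse(line)
        counts[host] += 1
        per_parent[host][parent_domain(qname)].append(qname.split(".")[0])

    findings = []
    for host, n in counts.items():
        base = profile.get(host)
        if base is None:
            findings.append((host, "new-host", f"{n} queries, no baseline"))
            continue
        zscore = (n - base["mean"]) / base["stdev"]
        if zscore > z:
            findings.append((host, "volume",
                             f"{n} queries vs baseline {base['mean']:.1f} (z={zscore:.1f})"))
        for parent, labels in per_parent[host].items():
            uniq = len(set(labels))
            if (parent not in base["parents"] and uniq >= min_unique
                    and uniq / len(labels) >= unique_ratio):
                findings.append((host, "tunnel-shape",
                                 f"{uniq} unique subdomains under new parent {parent}"))
    return findings


if __name__ == "__main__":
    for finding in score_window(WINDOW_LOG, build_baseline(BASELINE_LOG)):
        print(*finding)
```

Neither signal knows anything about the malware: a payload that rewrites itself every few hours still has to resolve names and move bytes, and those habits are what the baseline captures. The thresholds (`z`, `min_unique`, `unique_ratio`) are starting points to tune against your own traffic, and the stdev floor keeps a host with near-constant history from alerting on a single extra lookup.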

4 of 179 comments

  1. More like Everything Old is New Again by WinPimp2K · Score: 2, Informative

    Or am I the only one old enough to remember that brief time when DAME was considered the unholy terror?

    --

    You either believe in rational thought or you don't
    1. Re:More like Everything Old is New Again by idontgno · Score: 2, Informative

      Ah, Dark Avenger Mutation Engine. Sheesh. That brings back memories of frisk and Vesselin Bontchev holding forth on VIRUS-L. The good ol' days.

      Dang. It's been at least 1 1/2 decades that experts have been warning that signature-based malware detection isn't gonna cut it. Heck, Fred Cohen warned us in 1987. So what do we get? Nothin' but signature-based antivirus. Sucks bad to be us. Great time to be an antivirus vendor though.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
  2. Comment removed by account_deleted · Score: 4, Informative

    Comment removed based on user account deletion

  3. Re:Trying to wikipedia your way to a +5, eh? by ka9dgx · Score: 2, Informative

    It's like structured code vs. assembler... you can do the same thing in either, in theory.
    The difference is that the USER should get to pick which side effects they want to let a given random piece of code get away with, regardless of whether it was written in Redmond or somewhere else.
    There's currently no way for a user to specify what a program can/can't do other than to create an account, set the permissions on EVERYTHING it might touch, and then hope it doesn't somehow do something bad anyway due to a bug somewhere in any of the code currently running on the system.
    This is true in pretty much any popular OS.
    I realize the difference is subtle, but it's very important.