Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shape-Shifting Malware Hits the Web

Posted by ScuttleMonkey on from the dopple-gang-bang-the-new-ddos dept.

Stony Stevenson writes to tell us that in a recent interview, Marc Henauer has revealed that security researchers are falling behind now that malware is starting to be able to change its signature every few hours. "Unfortunately the know-how and construction kits used to create this shape-shifting threat are now readily available and are unleashing a wave of malware based on social engineering techniques. [...] Sweeney believes that a non rules-based monitoring process must be set up to defend all ingress and egress points covering SMTP, DNS, HTTP(s), IM etc."

6 of 179 comments (clear)

  1. This is a GOOD thing by $RANDOMLUSER · · Score: 5, Insightful

    Maybe now we'll stop pretending that glorified versions of grep can keep us safe.

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  2. I love it. by Anonymous Coward · · Score: 5, Funny

    The slashdot synopsis is longer than the article.

  3. Enumerating the Bad is not a good idea by corsec67 · · Score: 5, Insightful

    Enumerating the bad is usually a bad idea, since it is to easy to change what is "bad". We enumerate the good with firewalls, why should software security be any different? Distro repository + corperate repository should cover all software necessary, right?

    Will we now see true evolution of software viruses?

    This is pretty much #1 and #2 in this list of The Six Dumbest Ideas in Computer Security.

    --
    If I have nothing to hide, don't search me
  4. It's just the anti-virus companies claiming that. by khasim · · Score: 5, Insightful

    That way they can keep selling you "updated" "signature files" every hour / day / week / month / year.

    The correct way to handle this is to set up your system so that the user cannot ACCIDENTALLY execute any external code.

    There's no way to solve the issue of some idiot clicking on everything and putting in the root password whenever asked. So don't bother bringing that case up.

    For everyone else, lock the OS files so that it cannot be infected and set the user writable portion to not execute any code. There, the majority of that problem is solved.

    Then, ship the default installation without any open ports and you've pretty much solved the worm issue.

    But that approach means that the anti-virus companies cannot keep selling you new signature files. So don't expect any of them to support it.

  5. A Blast from the Past.... by NullProg · · Score: 5, Insightful

    1991
            Tequila is the first widespread polymorphic virus found in the wild. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.


    Sweeney believes that a non rules-based monitoring process must be set up to defend all ingress and egress points covering SMTP, DNS, HTTP(s), IM etc."

    Its called heuristics and its been in use for a while.

    Enjoy,

    --
    It's just the normal noises in here.
  6. Re:It's just the anti-virus companies claiming tha by ka9dgx · · Score: 5, Insightful
    The user has two options... click or don't.

    How about giving the user more choices? You might want to let them run it in a sandbox, or run it without internet access, or chroot it.

    If they had a way to express their intent, and actually control how much they give away when they click... it would go a VERY long way towards fixing things, probably 99%.

    --Mike--