Printable View
Well, this year's blackhat produced one or two amusing items. The "race to zero" contest being one? That's the one where you have to obfuscate really old malware to pass the latest AVs.
http://www.securityfocus.com/news/11531
What really creased me up was that Symantec obviously didn't want to play the game fairly?
Me// I would just install DOS 5.0 (a well known malware:lildevil:) and run what I liked; knowing that none of the AVs or security suites could handle it :D
Imagine what would happen if someone rewrote and released some of the major bugs. Sasser alone brought several corporations in the US to their knees with the constant restart exploit. I vote everyone moves to Linux and forces software developers to move with us! :D
Remember that Sasser and Msblaster relied on an unpatched vulnerability to infect (sasser being the least effective) We are only ever one unpatched vulnerability away from any of the above.. the open door of IE6 .. how many still use it..too many.. don't forget that many people running Firefox are open as well..well those who do not block scripts.. Now to obscure any of the old RAT's from NAV., Trend, CA, NA etc.. would be a challenge but not impossible...Quote:
Originally Posted by keezel
We n.e.e.d some Linux viruses. ;)Quote:
Originally Posted by keezel
Hmm
To be perfectly honest Panda AV has trouble detecting very old malware for some reason.
Hmmmmm,
Yes, I found that problem with Panda.......... probably because my 286 only has a 20 Megabyte HDD :DQuote:
To be perfectly honest Panda AV has trouble detecting very old malware for some reason.
Seriously, a lot of the old stuff just won't run on XP or Vista, so why check for it?
True Nihil
I msut explain to a customer why AVG 7.5 Free edition pics these old malware types up and Panda doesnt, quite difficult.
However with the 2009 product it cross references the "cloud" which is a little server sitting in spain for the 10 million signatures it has. I dont know how thqat will affect BW but its better than the 1.8 mil signature resident on the machine.
"I vote everyone moves to Linux and forces software developers to move with us!"
Linux has problems too.
For example, see this: http://www.cs.arizona.edu/people/jus...-managers.html
Recently I stopped using antivirus software. Part of the decision came from wanting to ditch the system overhead. And there was another reason I won't get into to. I figured that updating, careful monitoring of what I download and install, and use of Vista's User Account Control and Data Execution Prevention techniques will keep me out of trouble. When I used XP I used an ordinary user account the vast majority of the time. I for one appreciate this new feature of Vista. I do use the free version of BitDefender to scan stuff I download from the Internet, and I have Windows Defender running.
(However, recently I read about this new possible area of exploits for Vista (however I believe some of it could also apply to Linux systems which use AppArmor and SELinux and the like).
http://searchsecurity.techtarget.com...324395,00.html
Needless to say I'm interested in what comes of this.)
I've also read that malware writers test their exploits against different AV suites to make sure it works. I think I agree with those who say AV software can give a false sense of security.
Every compromised server I've ever seen had ten or twelve year old web based shells installed.Quote:
We n.e.e.d some Linux viruses.