Sunday, 30 June 2013

MBR Kill

On Wednesday, a malware attack delivered over the Internet caused a massive computer shutdown at two South Korean banks and media companies. The malware wiped the master boot records on the hard drives of the infected computers, overwriting the MBR with one of these strings:


Figure 1: Snapshot of MBR after infection.
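A forensic check of the kind a responder would run on a disk image, added here as an illustration and not code from the original post or from any analysis of this attack: it parses a 512-byte MBR sector, validates the 0x55AA boot signature and the partition table, and flags a sector that has been overwritten with a repeated filler string. The sample sectors and the placeholder filler string are constructed; the actual strings used in the attack are not reproduced.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR

def parse_partitions(mbr: bytes) -> list:
    """Decode the four 16-byte partition entries at offset 0x1BE."""
    entries = []
    for i in range(4):
        raw = mbr[0x1BE + 16 * i : 0x1BE + 16 * (i + 1)]
        boot, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        entries.append({"bootable": boot == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries

def repeated_pattern(mbr: bytes, max_period: int = 64):
    """Return the shortest string that, repeated, fills the sector (or None)."""
    for p in range(1, max_period + 1):
        if (mbr[:p] * (SECTOR_SIZE // p + 1))[:SECTOR_SIZE] == mbr:
            return mbr[:p]
    return None

def assess_mbr(mbr: bytes) -> str:
    """Classify a 512-byte sector as 'intact', 'wiped' or 'suspicious'."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if repeated_pattern(mbr) is not None:
        return "wiped"         # whole sector is one filler string repeated
    if mbr[510:] != BOOT_SIGNATURE:
        return "wiped"         # 0x55AA missing: BIOS will not boot from it
    if not any(p["type"] != 0 for p in parse_partitions(mbr)):
        return "suspicious"    # signature present but partition table empty
    return "intact"

# --- constructed samples (not the real artefacts from the attack) ---
INTACT = bytearray(SECTOR_SIZE)
INTACT[0x1BE:0x1CE] = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
INTACT[510:] = BOOT_SIGNATURE
INTACT = bytes(INTACT)

# placeholder filler stands in for the real wiper strings, which are not reproduced
WIPED = (b"PLACEHOLDER-WIPER-STRING " * 30)[:SECTOR_SIZE]

if __name__ == "__main__":
    for name, sector in (("intact", INTACT), ("wiped", WIPED)):
        print(f"{name}: {assess_mbr(sector)}")
```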

May 2013 Cyber Attacks Statistics


Trend May 2013

Motivations May 2013

Friday, 21 June 2013

Signatureless Malware Detection

RSA ECAT Signatureless Malware Detection

Traditional antivirus companies use known virus signatures to identify malware. Although this technique worked well in the past, when a few thousand viruses were found in the wild each year, it has been overwhelmed by the growth of malware families. One AV vendor alone created more than 500,000 new signatures in 2010, and this flood shows no sign of stopping. Creating signatures requires dedicated, highly skilled personnel who cannot keep up with the pace. They are inevitably reactive, not proactive, in identifying threats. They must focus on the most widely distributed malware and put aside those with low distribution rates, a category into which APT falls. As soon as a signature is deployed to block a known malware, the malware author starts bypassing it by making minor modifications to the code and testing it against the low-cost (usually free for 30 days) and publicly available products that detect it.

Instead of spending precious time analyzing malware samples to create signatures, our team works on automating the detection of anomalies within the computer’s applications and memory. In a typical enterprise environment, there are only a few thousand executables that typically get loaded in memory, among which only a few generate anomalies. Legitimate anomalies are mostly created by security products and by the sandboxing technologies built into browsers and file viewers. These products are limited in number and easy to obtain and analyze, so we have incorporated them into a “known anomalies database”. Anomalies outside these are automatically flagged and reported to the ECAT console operator, who can then use the collected intelligence to respond quickly.

Source: http://www.rsa.com

Hello Again

After a break, we are back online. We will continue to bring you new security trends, new security architectures and process designs.

Thanks to our followers.