re:
Storm, Nugache lead dangerous new botnet barrage
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1286808,00.html
from above:
The creators of these Trojans and bots not only have very strong
software development and testing skills, but also clearly know how
security vendors operate and how to outmaneuver defenses such as
antivirus software, IDS and firewalls, experts say. They know that they
simply need to alter their code and the messages carrying it in small
ways in order to evade signature-based defenses. Dittrich and other
researchers say that when they analyze the code these malware authors
are putting out, what emerges is a picture of a group of skilled,
professional software developers learning from their mistakes, improving
their code on a weekly basis and making a lot of money in the process.
... snip ...
... and somewhat related
Virtualization still hot, death of antivirus software imminent, VC says
http://www.networkworld.com/news/2007/121707-crystal-ball-virtualization.html
from above:
Another trend Maeder predicts for 2008 is, at long last, the death of
antivirus software and other security products that allow employees to
install and download any programs they'd like onto their PCs, and then
attempt to weed out the malicious code. Instead, products that protect
endpoints by only allowing IT-approved code to be installed will become
the norm.
... snip ...
and post about dealing with compromised machines
http://www.garlic.com/~lynn/2007u.html#771 folklore indeed
mentioning sophistication in other ways:
Botnet-controlled Trojan robbing online bank customers
http://www.networkworld.com/news/2007/121307-zbot-trojan-robbing-banks.htm
from above:
If the attacker succeeds in getting the Trojan malware onto the victim's
computer, he can piggyback on a session of online banking without even
having to use the victim's name and password. The infected computer
communicates back to the Trojan's command-and-controller exactly which
bank the victim has an account with. It then automatically feeds code
that tells the Trojan how to mimic actual online transactions with a
particular bank to do wire transfers or bill payments
... snip ...
there have been some number of online banking countermeasures for
specific kinds of system compromises .... like keyloggers ... but they
apparently didn't bother to get promises from the crooks to only limit
the kinds of attacks to those exploits.
some related comments on such compromised machines
http://www.garlic.com/~lynn/aadsm27.htm#66 2007: year in review
http://www.garlic.com/~lynn/aadsm28.htm#0 2007: year in review
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
