On 2/26/13 12:03 PM, Harvey Rothenberg wrote:
> To All,
>
> Reported this last Monday, Concern is rising in the security world over
> sophisticated malicious code that attacks a computer's RAM. Called
> "advanced volatile threats," or ATVs, their emergence comes as
> corporations and government agencies are starting to publicly
> acknowledge network intrusions. Security experts are concerned,
> wondering what the bad guys will do next.

What they will do next!?! Security experts realize this has been going on for years.

I have to say this is the silliest thing I have read recently. To say that memory resident attacks (which actually *are* "advanced") are a new threat, or even growing, is an exaggeration. There were memory resident distributed sniffers on AIX in 1998, the Linux Slapper worm was compiled and deleted (running only in memory) in 2002, and Conficker.C could download and run code in memory only.

There is nothing to warrant a new name, let alone push APT out of the way. APT is about the threat actors, not the tools they use, and much of what they do is not very advanced compared with things being done in 2001 (e.g., the months-long UW Medical Center intrusion crossing Linux, Windows desktops, and Windows servers).

I really wish people would stop trying to make up new terms with no formal taxonomy or categorization, simply to raise their company's profile and sell products/services. I cover this topic further in a recent talk I did, if you care to understand why this unscientific use of made-up terms is a problem:

https://www.usenix.org/conference/leet12/so-you-want-take-over-botnet

My $0.02.

Dave

--
Dave Dittrich
[email protected]
http://staff.washington.edu/dittrich

PGP key: http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint: 097B 4DCB BF16 E1D8 A06C 7512 A751 C80A D15E E079

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
