This is probably patented and implemented already but nonetheless its a new idea for me, so I mention it...
While mass-produced malware remains an issue for a most users, an significant threat is also posed by malware customised for a specific victim (so called 'targetted malware'). This threat is potentially worse as an organisation cannot rely on traditional AV or anti- spyware scanners to detect the targetted malware; as the malicious code is customised it does not have an entry in AV/AS signature databases. Despite this, detecting customised code should be easy. All that's needed is a scanner. It simply finds every piece of executable code on a system. It then compares each piece with its list of known-good executables. Any executable that is found but is not on the list is an intruder. This approach takes advantage of the fact that, unlike spam, we can make a list of all our known-good items. Stu --- Stuart Udall stuart [EMAIL PROTECTED] net - http://www.cyberdelix.net/ --- * Origin: lsi: revolution through evolution (192:168/0.2) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
