holes in the grid.

Jason points out the difficulty of detecting malware in enterprise environments: by the time the antivirus raises an alert that a piece of malware has been seen, it is usually too late and you have already been owned. As Dan Geer pointed out a few years ago at the Gartner Risk Conference, it is hard to get exact metrics on what is happening, because by the time that alert fires, six other events have already happened that were not detected.
IT and security administrators who have been through some of these malware wars with downloaders and polymorphic attacks know that just because the antivirus says it is cleaning up, far too many other things are still happening. I once saw something interesting: a polymorphic virus loaded on a system that had Microsoft's development studio on it, and we could watch as the polymorphic virus recompiled other malware from its code that would attempt many ways to infect the machine and other machines quickly, and at one point there was a downloader. Even Microsoft writes about recovering the operating system and files from a known state from before this activity started; unfortunately, without a historical view of activity on this node and user, that information and the correlation of events will be difficult.
Jason Ross points out that the goal of malware now is to support a business model. Their objective is not to be noisy but to very quietly perform their tasks of infecting other hosts and using a network of hosts to make money, as with malware like URLZone and Monkif.
In the presentation he talks about Didier Stevens' modified SpiderMonkey, a patched build of Mozilla's JavaScript engine that logs the strings obfuscated malicious JavaScript passes to eval instead of running them in a browser, as a tool for helping to analyze malcode. He also covers the use of sandnets (isolated lab networks) to run malcode so that it can be observed to determine what it wants to connect to and which services or files it wants to abuse. With polymorphic viruses that constantly change, it is usually interesting to observe them in action in such a closed environment.
Years ago, I can't remember the movie's name, but the analysts in the movie were collecting them and keeping the code and binaries for sale and redistribution, or modifying them in some way so they would not be detected.
Another point from the presentation is that malcode writers are now writing their code so that it cannot easily be detected by signatures, splitting it into multiple components in which each binary performs only a small part of the overall function.
via this Black Hat briefing
- Internet Explorer could turn your Windows XP machine into a web server, Microsoft warns (guardian.co.uk)
- Massive blackhat SEO of 200K sites (ecombizcenter.blogspot.com)