- May 11, 2013
That's why I still love the good old computer, completely hardened with nothing on it other than analysis tools. Get infected? No problem, just swap and replace the partition with a clean version and voilà, save the infected one and just analyze the data in a Linux environment or in Solaris. Or just use professional malware analysis VMs designed for this purpose. May not be perfect, but it beats regular VirtualBox setups.
Easy as pie.
But yes, malware becomes increasingly VM aware and some can escape a VM environment, yet funnily enough, months ago when I explained this to some "ex-MT" members I got nearly beaten with a wet tuna because what I said was, in their vision, pretty much BS.
Ah well, time is on our side... lol.
All chitchat aside, modern malware has nothing to do with the malware generation dating back just 1-3 years ago.
Most new malware is, in 30% of all cases, based upon successful older versions or a combination of older types, but then with totally overhauled and optimized code, making detection, removal and analysis A LOT harder.
Most malware is designed to be very successful in the first, say, 1 month; after that it has served and outlived its purpose, and it's widely known that widely spread malware does not escape the AV industry for long.
So dedicated attacks with specially designed malware become much more efficient and in 90% of the cases leave big AV companies totally unaware of their existence.
Yet with Windows 10, in combination with much more powerful computers and a HEAVEN of apps and other new technology, not to mention smart cars, homes and offices, malware itself will grow much more sophisticated and become much more of a problem than viruses and malware ever were.
More and more hacker groups can get TAO malware or generate enough funds to have it made for them.
And this becomes a VERY serious problem: whereas the previous generation of Trojans, viruses and rootkits was "mass infection" based, the new generation is user profile and behavior based and in most cases specifically targeted.
Another online problem is the use of nearly AI-based malware infection techniques which use a set of malware scripts to generate a unique type of malware specially designed for your PC (while in fact it's just mass-production malware, but obfuscated in such a way that each infection is unique), and this problem is starting to worry the security industry, since you are basically searching for a lone wolf.
It's like terrorism: if you target a group then this is hard but doable, but searching for a single person or a very select group of people is nearly impossible. And that's exactly the same with the new generation of malware and future versions. They do not intend to infect and damage your PC, but they hijack existing programs to obtain data which can be turned into money.
That's why the true concept of BIG DATA is actually a very scary thing, as most people out there, and even professional ones, do not have a clue how far big data goes and what is possible within the cloud and big data environment. Simply put, destroying a computer does not make a criminal rich; hijacking a computer does give the criminal limited access and options to generate good revenues, but in the end both cases will get caught. However, malware that goes after B-D has all the options you expect from advanced malware, yet as long as it can steal data it generates massive amounts of money, and as such the malware industry is a bigger industry than the cocaine or heroin drug industry.
I mean, look at some of these hacker groups and what they really can do. No existing security application or hardware-based application is safe, regardless of whether it's industrial or military grade; if targeted by such attacks and groups, they will get in, and often the victim finds out weeks later. Now imagine how much data one can steal from you or from 95% of all home users. That being said, in the near future you will see much more malware that is a few steps ahead of anything offered by conventional security firms.
Hence why companies around the world are starting to move away from classical Windows distributions and Linux distributions in favor of custom-developed OS versions.
And yes, the weak spot of malware has always been the pretty damn good analysis capabilities deployed by most security firms, so the more dust and sand Internet criminals can throw in our eyes, the more of a head start they have in a war we pretty much already lost before it even began.
Maybe a bit long as a reply, but I did want to throw this out there and see what you guys think, since VM-based analysis counts for at least 65% of all techniques used.
Kind Regards,
Nico