Today I would like to announce our partnership between FMA and G-Labs (GL) and Toxic Cyber Data (TCD).
Both are privately owned, NATO-certified malware research groups within the EU.
These companies will use the CBAD cloud framework to collect, identify and analyze malware and malicious files next to their own proven cloud and local malware research applications.
Also we are pleased to announce that we have installed:
50x Kippo SSH honeypots, which log all kinds of malicious actions targeting SSH servers and remote access protocols.
50x Glastopf vulnerability honeypots, which log most vulnerability attacks towards Windows and Linux based OSs.
200x Dionaea malware honeypots, which will log lots and lots of Windows based malware.
150x Thug, which is basically an emulator honeypot that acts like a weak browser.
Also we increased our cloud capacity to 1000 Mbps emulation speed at a 25 MB file size.
Updated detection DB dramatically.
We are currently working on an add-on malware engine that can detect malware while it is still packed as a network data package, which will obviously be added (if and only if the tests keep producing good results) asap to our EYE/CBAD engine to have better real-time detection (more oriented towards the endpoint principle, using DPI as a detection method next to our CBAD emulation and dynamic signature detection).
Yes, DPI can be used as a malware detection tool if and only if you know what you are looking for.
Example: a rootkit is calling home (prior to or just after successful infection); the unique call can be used as a signature to block incoming and outgoing data streams, basically rendering a rootkit's home calling functions useless.
Add the emulation power of the CBAD engine and you have got yourself a heck of a detection method.
For nearly 4 years Norton and Kaspersky have been trying to get this to work and it seems that FMA has beaten them to it, as I have over 700 megs worth of logs proving it works. The only issue we have is the resource usage, as this is over 450 megs.
Which is WAY WAY too much, yet we tested the engine against 1000+ malware samples provided by external verified research labs and the DPI based engine caught 86% of the transmitted malware based upon their unique network call sign.
And that makes my heart glow... it really does, as if this works only 50% as well as it looks on paper then we have got an instant winner here.
In the next weeks you will see serious changes to our CCSU guard program slowly changing from a forensic tool towards a find and deal with it on the spot utility.
So if you would like to test our program you can download it from our website: https://fma-is.com however keep in mind we left the beta phase weeks ago, but with this new added technology we are happy to announce that CCSU beyond 188.8.131.52 should be considered a new beta version.
Everything is going to change now, the only real kicker is that we do not have a new name yet for our CCSU V2 application, so if you come up with a good name for our program then this would be awesome.
Stay tuned for more.
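The DPI idea described in the post above (a known call-home pattern used as a signature to block both directions of a stream), as an added toy example; this is not FMA's CBAD/EYE code, and the signatures, hosts and payloads are all constructed, with a TLS-wrapped beacon included to show what a byte signature cannot see.

```python
# Added example, not FMA/CBAD code: toy DPI signature matcher that flags a known
# callback pattern in either direction of a flow and blocks both directions for
# that endpoint pair. All signatures and traffic below are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str         # internal host
    dst: str         # remote endpoint
    outbound: bytes  # payload host -> remote
    inbound: bytes   # payload remote -> host

# Hypothetical callback signatures (invented bytes, not real indicators).
SIGNATURES = {
    "gate-beacon": b"GET /gate.php?id=",
    "raw-beacon": b"BEACON-OK\x00",
}

def match_flow(flow, signatures=SIGNATURES):
    # (signature, direction) for every pattern seen in either payload
    hits = []
    for name, pattern in signatures.items():
        if pattern in flow.outbound:
            hits.append((name, "outbound"))
        if pattern in flow.inbound:
            hits.append((name, "inbound"))
    return hits

def scan(flows, signatures=SIGNATURES):
    # one hit in either direction blocks the whole (src, dst) conversation
    return {(f.src, f.dst) for f in flows if match_flow(f, signatures)}

def evaluate(labelled, signatures=SIGNATURES):
    # labelled: (Flow, is_malicious) pairs -> detection statistics
    blocked = scan([f for f, _ in labelled], signatures)
    malicious = [f for f, bad in labelled if bad]
    caught = sum((f.src, f.dst) in blocked for f in malicious)
    false_pos = sum((f.src, f.dst) in blocked for f, bad in labelled if not bad)
    rate = round(100.0 * caught / len(malicious), 1) if malicious else 0.0
    return {"caught": caught, "malicious": len(malicious),
            "false_positives": false_pos, "rate_pct": rate}

# Constructed traffic: two beacons match; the third is TLS-wrapped and is
# missed, which is why DPI only works when you know the pattern to look for.
SAMPLE = [
    (Flow("10.0.0.5", "203.0.113.9", b"GET /gate.php?id=1337 HTTP/1.1\r\n", b"HTTP/1.1 200 OK\r\n"), True),
    (Flow("10.0.0.6", "203.0.113.9", b"POST /upload HTTP/1.1\r\n", b"HTTP/1.1 200 OK\r\n"), False),
    (Flow("10.0.0.7", "198.51.100.4", b"\x00\x01", b"BEACON-OK\x00"), True),
    (Flow("10.0.0.8", "198.51.100.5", b"\x17\x03\x03\x00\x20", b"\x17\x03\x03\x00\x20"), True),
]
```

Running `evaluate(SAMPLE)` reports 2 of 3 malicious flows caught (66.7%) with no false positives; the encrypted beacon slips through, so a signature table like this needs a behavioural or emulation layer alongside it.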
I tried installing PR-Guard a few days ago on Windows 7 x64 Ultimate, but it would not allow me to change the installation path, so I aborted the installation. I wanted to install it in the Program Files folder to avoid conflict with my policy based AE software. The installer gives the option to change the installation path, but it does not work.
It will, I think he's using AppGuard...