Trojan horse malware destroys delivery files to hide its tactics
- Thread starter Jack
- Start date
Gnosis
Level 5
- Apr 26, 2011
- 2,779
Nice post Jack.
Thank goodness for BB, HIPS and Sandboxing technology.
I knew something like this would be on the horizon, and if the trend gets malignant, then expect signature based scanners and signature based realtime malware detectors to be obsolete within a couple of years.
That is quite a game changer.
I like TF and Sandboxie more and more every day; simple, free, and secure with no slowdowns during boot time or otherwise.
NEXT ON THE HORIZON: Look for signature based PC security to get more expensive, and free versions to require some payments due to legit AV creators needing to go rogue in order to steal formerly hidden and deleted malware information from illegitimate hackers' computer databases. They will have to double their hacker work forces with some malicious espionage of their own. You will probably see them needing to hack the Kremlin, Russian Defense Ministry, State Department, etc. in order to keep up with threats since honey-pots will become useless.
Thank goodness for BB, HIPS and Sandboxing technology.
I knew something like this would be on the horizon, and if the trend gets malignant, then expect signature based scanners and signature based realtime malware detectors to be obsolete within a couple of years.
That is quite a game changer.
I like TF and Sandboxie more and more every day; simple, free, and secure with no slowdowns during boot time or otherwise.
NEXT ON THE HORIZON: Look for signature based PC security to get more expensive, and free versions to require some payments due to legit AV creators needing to go rogue in order to steal formerly hidden and deleted malware information from illegitimate hackers' computer databases. They will have to double their hacker work forces with some malicious espionage of their own. You will probably see them needing to hack the Kremlin, Russian Defense Ministry, State Department, etc. in order to keep up with threats since honey-pots will become useless.
- Mar 15, 2011
- 13,070
Oh well those type of vectors are nothing new and rare prevalence for a user to be infect (depends where the source could get it) however the problem most AV's were bypass from analyze when fact they could do complication process to make sure the protection guarantees.
No perfect but almost perfect can be.
No perfect but almost perfect can be.
As malware advances, and has advanced, it will be layered approaches that work best to thwart their progress. I have/do believe this approach to be the best method of defending ones system.
- Jan 8, 2011
- 22,403
If the downloaded components are programmed to be deleted (ie. irrecoverable), then (I may be wrong) a Behaviour Blocker or HIPS doesn't query the user whether you want to allow the deletion process?
Also could it fool any auto-sandbox analysis process?
Also could it fool any auto-sandbox analysis process?
Gnosis
Level 5
- Apr 26, 2011
- 2,779
Excellent point Earth.
I would be willing to bet that while a BB may not catch it unless custom settings were applied for such events, HIPS would.
I am thinking of tweaking Threatfire, with custom rules, for exactly that reason:
http://www.wilderssecurity.com/showthread.php?t=183020
I would be willing to bet that while a BB may not catch it unless custom settings were applied for such events, HIPS would.
I am thinking of tweaking Threatfire, with custom rules, for exactly that reason:
http://www.wilderssecurity.com/showthread.php?t=183020
Gnosis said:
If we run our browsers and EMail clients or open USB drives in a restricted sandbox, the threat described in the article wont do nothing as long as we don't recover the downloader to our real system. One more reason to start using the sandbox.
Bo
Similar threads
