Please check the attachment :)
A recent ZDNet article reports that Graham Ingram and AusCERT are reporting that 80% of all malware is undetectable by anti-virus vendors. During a security breakfast Ingram said, "antivirus programs don't work."
Using our malware database we can confirm this fact. What's interesting is that AV programs fail differently. This is more proof that the closed-source, closed analysis methods have been woefully inadequate, albeit extremely profitable.
CNet is running a story on the new Rustock/Mailbot.AZ malware making the rounds. The hiding methods used by Rustock are certainly a threat, but hardly anything new. If anything, this is a good example of a piece of malware that amalgamates the different methods into one package.
Is anyone actually surprised this happened? Is Greg Hoglund going to pop a vein when he sees CNet headlining Rootkits == Malware?
HDM from the Metasploit project has released a malware search engine. This is an open tool based on a similar idea from Websense. HD's idea expands on the Websense code in several ways. First, it's an open project with code available. Second, it searches for actual malware signatures, rather than just .exe's. HD uses the signature output from ClamAV to find the name of the malware. This is then used in conjunction with a PE signature matching method to form a Google query. Afterwards, the malware can be downloaded directly from Google.
We provided our malware database to HDM for use in the initial tool. The results of the Google downloads can be seen in the order-of-magnitude jump in our malware collection. Thanks HDM!
"A little-known capability in Google's search engine has helped security vendor Websense uncover thousands of malicious Web sites, as well as several legitimate sites that have been hacked, the company said today."
What's really interesting is this portion:
"Hubbard and his team plans to share its Google code with a select group of security researchers, but it will not make the software public, for fear that the tool could be misused by the bad guys."
This is yet another example of the reluctance to share information regarding malware. There's enough information in the article to replicate this work, but there is not enough to make it a viable tool... unless you want to spend a lot of money.
In the first half of the 1980s, computer viruses -- programs that reproduce themselves by "infecting" other programs -- existed mostly in labs. A few had managed to find their way into the wild on the Apple II platform, but for the most part they were tightly controlled by computer researchers.
Rob Lemos from Security Focus has written an article about malware analysis research.
“There is an arms race going on between analysts and malware authors, so any solution will have to keep pace with advances on both sides.”
Val Smith, co-founder, OffensiveComputing.net
Results of Malware Quiz #6 from ISC released today! Did you submit your analysis? Drop a note.
Our paper hit eWeek:
Danny really deserves most of the credit on this one.