Press

Your AV Fails 8 Out of 10 Times

A recent ZDNet article reports that Graham Ingram of AusCERT says 80% of all malware goes undetected by anti-virus products. During a security breakfast Ingram said, "antivirus programs don't work."

Using our malware database we can confirm this. What's interesting is that AV programs fail differently: each product misses its own set of samples. This is more proof that closed-source, closed-analysis methods have been woefully inadequate, albeit extremely profitable.

Rootkits Get Better at Hiding


CNet is running a story on the new Rustock/Mailbot.AZ malware making the rounds. The hiding methods used by Rustock are certainly a threat, but hardly anything new. If anything, this is a good example of a piece of malware that amalgamates several existing techniques.

Is anyone actually surprised this happened? Is Greg Hoglund going to pop a vein when he sees CNet headlining Rootkits == Malware?

Malware Search Engine


HDM from the Metasploit project has released a malware search engine. This is an open tool based on a similar idea from Websense. HD's idea expands on the Websense approach in several ways. First, it's an open project with code available. Second, it searches for actual malware signatures rather than just .exe files. HD uses the signature output from ClamAV to find the name of the malware. This is then used in conjunction with a PE signature matching method to form a Google query. The matching files can then be downloaded directly from Google's results.

We provided our malware database to HDM for use in the initial tool. The results of the Google downloads can be seen in the order-of-magnitude jump in the size of our malware collection. Thanks HDM!

Read the full EWeek interview with HDM here.

Google's Binary Search Helps Identify Malware


"A little-known capability in Google's search engine has helped security vendor Websense uncover thousands of malicious Web sites, as well as several legitimate sites that have been hacked, the company said today."

Read the full PC Magazine article.

What's really interesting is this portion:

"Hubbard and his team plans to share its Google code with a select group of security researchers, but it will not make the software public, for fear that the tool could be misused by the bad guys."

This is yet another example of the reluctance to share information regarding malware. There's enough information in the article to replicate the approach, but not enough to make it a viable tool, unless you want to spend a lot of money.

20 Years of PC Viruses

TechWeb is running an article showcasing 20 years of PC viruses.

In the first half of the 1980s, computer viruses -- programs that reproduce themselves by "infecting" other programs -- existed mostly in labs. A few had managed to find their way into the wild on the Apple II platform, but for the most part they were tightly controlled by computer researchers.

Researchers Eye Machines to Analyze Malware

Rob Lemos from Security Focus has written an article about malware analysis research.

“There is an arms race going on between analysts and malware authors, so any solution will have to keep pace with advances on both sides.”

Val Smith, co-founder, OffensiveComputing.net

http://www.securityfocus.com/news/11395

Malware Analysis Quiz #6 Results


Results of ISC Malware Analysis Quiz #6 were released today! Did you submit your analysis? Drop us a note.

http://handlers.sans.org/pbueno/ma6.html

Paper


Our paper hit eWeek:

http://blog.eweek.com/blogs/eweek/archive/2006/03/17/8493.aspx

And more:

http://www.securiteam.com/securityreviews/5ZP0B2KI0Q.html
http://malware-research.co.uk/index.php?topic=1221

Danny really deserves most of the credit on this one.

V.

Nepenthes & MWCollect Join Forces


Great news for malware collectors! Stop by the sites for details.

http://www.mwcollect.org
http://nepenthes.sourceforge.net