Death of antivirus software imminent

Anne & Lynn Wheeler lynn at garlic.com
Sat Dec 29 18:37:03 EST 2007


re:
Storm, Nugache lead dangerous new botnet barrage
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1286808,00.html

from above:

The creators of these Trojans and bots not only have very strong 
software development and testing skills, but also clearly know how 
security vendors operate and how to outmaneuver defenses such as 
antivirus software, IDS and firewalls, experts say. They know that they 
simply need to alter their code and the messages carrying it in small 
ways in order to evade signature-based defenses. Dittrich and other 
researchers say that when they analyze the code these malware authors 
are putting out, what emerges is a picture of a group of skilled, 
professional software developers learning from their mistakes, improving 
their code on a weekly basis and making a lot of money in the process.

... snip ...

... and somewhat related

Virtualization still hot, death of antivirus software imminent, VC says
http://www.networkworld.com/news/2007/121707-crystal-ball-virtualization.html

from above:

Another trend Maeder predicts for 2008 is, at long last, the death of 
antivirus software and other security products that allow employees to 
install and download any programs they'd like onto their PCs, and then 
attempt to weed out the malicious code. Instead, products that protect 
endpoints by only allowing IT-approved code to be installed will become 
the norm.

... snip ...

and post about dealing with compromised machines
http://www.garlic.com/~lynn/2007u.html#771 folklore indeed

mentioning sophistication in other ways:

Botnet-controlled Trojan robbing online bank customers
http://www.networkworld.com/news/2007/121307-zbot-trojan-robbing-banks.htm

from above:

If the attacker succeeds in getting the Trojan malware onto the victim's
computer, he can piggyback on a session of online banking without even
having to use the victim's name and password. The infected computer
communicates back to the Trojan's command-and-controller exactly which
bank the victim has an account with. It then automatically feeds code
that tells the Trojan how to mimic actual online transactions with a
particular bank to do wire transfers or bill payments

... snip ...

there have been some number of online banking countermeasures for
specific kinds of system compromises .... like keyloggers ... but they
apparently didn't bother to get promises from the crooks to only limit
the kinds of attacks to those exploits.

some related comments on such compromised machines
http://www.garlic.com/~lynn/aadsm27.htm#66 2007: year in review
http://www.garlic.com/~lynn/aadsm28.htm#0 2007: year in review

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com