New threat from 'suicide' virus


5 replies to this topic

#1 nitram

nitram

    NITRISCO

  • Members
  • 233 posts
  • Location:Nottingham England
  • Country:England

Posted 01 August 2006 - 01:48 PM

The latest threat to intellectual property comes in the shape of malicious software (malware) that is capable of infecting a computer, hiding itself until the user accesses specific files or Web sites--in order to steal files or passwords--and then deleting any trace of itself.

Speaking at the IT Security in Government Conference in Canberra on Friday, Brian Denehy, security assurance engineer at CyberTrust, told delegates that the vast majority of new malware uses "some type of stealth" or anti-forensic technology in an attempt to remain undetected before, during and after an attack.

According to Denehy, techniques used not only include 'the obvious ones' such as encryption and rootkits but also "compression bombs"--which are compressed files that try to make life difficult for forensic tools by attempting to expand to an infinite size when executed.

"Generally these techniques are seen in about 65 percent of all forensic investigation these days.

"Some just do a complete wipe on the disk--equivalent to a low level format--to make sure that some of the remnant magnetization is not left behind. Most of you may well appreciate that just writing on a hard disk still leaves evidence there that can be recovered with the right tools.

"People also use the slack space at the end of files or introduce extras in the bad sectors list to hide their data … it makes life more difficult," said Denehy.

When conducting investigations, it's always Denehy's hope that these techniques haven't been used by hackers. "It is pleasing to find an inexperienced hacker that has not used these things and has made it easy to analyze," he said.

Source - ZDNet
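
The "compression bombs" mentioned in the article can be contained by inflating a stream in small steps under a fixed output budget rather than expanding it in one call. The following is an added example, not part of the original post or the ZDNet article; the function name, the limits and the sample data are assumptions constructed for illustration.

```python
import zlib


class ExpansionLimitExceeded(Exception):
    """The stream tried to expand past the configured budget."""


def bounded_decompress(data, max_output=64 * 2**20, max_ratio=200, chunk=64 * 1024):
    """Inflate a zlib or gzip stream in small steps under a hard output budget.

    Returns (output_bytes, complete). Raises ExpansionLimitExceeded as soon as
    the output passes max_output bytes or max_ratio times the input size, so
    memory use stays bounded however far the stream tries to expand.
    """
    budget = min(max_output, max_ratio * max(len(data), 1))
    # MAX_WBITS | 32 lets zlib auto-detect a zlib or gzip header.
    inflater = zlib.decompressobj(zlib.MAX_WBITS | 32)
    out = bytearray()
    pending = data
    while not inflater.eof:
        # The second argument caps how many bytes this call may produce.
        piece = inflater.decompress(pending, chunk)
        if not piece:
            break  # no more output: stream just ended or input is truncated
        out += piece
        if len(out) > budget:
            raise ExpansionLimitExceeded(
                f"{len(data)} input bytes produced more than {budget} bytes")
        pending = inflater.unconsumed_tail
    return bytes(out), inflater.eof


# Constructed samples: ordinary data and a highly repetitive stream.
ORDINARY = zlib.compress(bytes(range(256)) * 4)
REPETITIVE = zlib.compress(bytes(1024 * 1024))  # 1 MiB of zero bytes

if __name__ == "__main__":
    for name, blob in (("ordinary", ORDINARY), ("repetitive", REPETITIVE)):
        try:
            output, complete = bounded_decompress(blob)
            print(name, len(blob), "->", len(output), "complete:", complete)
        except ExpansionLimitExceeded as exc:
            print(name, "rejected:", exc)
```

The second return value is False when the input ends before the stream does, which lets a caller treat truncated evidence separately from over-expanding evidence.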

#2 VROSA

VROSA

    Ghost Member

  • Global Moderator
  • 2,043 posts
  • Location:Belo Horizonte - Minas Gerais - Brazil
  • Interests:Hardware, Software, Alphas and Betas, OS Mods, Windows 8.1, Windows 10, Linux, Games, Fun, Friends.
  • Country:Brazil

Posted 02 August 2006 - 07:06 PM

I hope my AV will be able to handle such a virus. :lol:
The hiding techniques are really very interesting, especially the one that creates "false bad sectors" to hide the code.

Edited by vrosa x64, 02 August 2006 - 07:13 PM.


#3 simon

simon

    simon says Post

  • Members
  • 739 posts
  • Location:Buffalo,New York, USA
  • Country:USA

Posted 02 August 2006 - 09:38 PM

Is there a fix for it yet?

#4 m.oreilly

m.oreilly

    rog'er wilco

  • Admin
  • 8,810 posts
  • Country:lower uncton

Posted 03 August 2006 - 12:22 AM

gosh, i don't even use an AV... :lol:

#5 Roadrunner

Roadrunner

    Established Member

  • Sponsor
  • 672 posts
  • Location:Irvine, california
  • Country:USA

Posted 03 August 2006 - 01:54 AM

m.oreilly, on Aug 2 2006, 05:22 PM, said:

gosh, i don't even use an AV... :lol:

Mo likes to live dangerously !!!

:wacko:

#6 m.oreilly

m.oreilly

    rog'er wilco

  • Admin
  • 8,810 posts
  • Country:lower uncton

Posted 03 August 2006 - 04:50 AM

Roadrunner, on Aug 2 2006, 06:54 PM, said:


Mo likes to live dangerously !!!

:lol:
:smoke:



