|
Title: Self-cloaking malware Post by: RichM on June 05, 2007, 07:05:59 PM I just read an article that is about malware that is brilliant and unbelievably frightening simultaneously. Basically, if an infected machine is told to go to a hostile site and it has (the machine) already visited the site, the ip address is used to filter the infected machine to a "benign" page.
It goes without saying how much more difficult this can make it to identify what exactly is happening on the target machine. The full article is here: http://www.vnunet.com/vnunet/news/2191298/hackers-turn-genre-evasive If you don't mind the minor headache of having to temporarily allow scripts to run, I highly recommend noscript.net Title: Re: Self-cloaking malware Post by: jimbob on June 06, 2007, 12:46:35 PM Malware authors are using more and more tricks to hide their tracks and block inspection by security professionals. Encoded malware, selective delivery based on the browser type and many other techniques are regularly employed.
It keeps us on our toes I suppose. Never a dull moment. Jim
Powered by SMF 1.1.7 |
SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com |