Ethical Hacker Community Forums

Columns => RichM => Topic started by: RichM on June 05, 2007, 07:05:59 PM



Title: Self-cloaking malware
Post by: RichM on June 05, 2007, 07:05:59 PM
I just read an article that is about malware that is brilliant and unbelievably frightening simultaneously. Basically, if an infected machine is told to go to a hostile site and it (the machine) has already visited the site, the IP address is used to filter the infected machine to a "benign" page.

It goes without saying how much more difficult this can make it to identify what exactly is happening on the target machine.  The full article is here: http://www.vnunet.com/vnunet/news/2191298/hackers-turn-genre-evasive

If you don't mind the minor headache of having to temporarily allow scripts to run, I highly recommend noscript.net


Title: Re: Self-cloaking malware
Post by: jimbob on June 06, 2007, 12:46:35 PM
Malware authors are using more and more tricks to hide their tracks and block inspection by security professionals. Encoded malware, selective delivery based on the browser type and many other techniques are regularly employed.

It keeps us on our toes I suppose. Never a dull moment.

Jim
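
Added example, not part of the forum posts: a defender-side check for the two behaviours mentioned in this thread (a different page on a repeat visit from the same IP, and selective delivery by browser type), run over fetch records collected from several vantage points. The record layout, the URLs, the IP addresses, the browser names and the function names are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample fetch records, in chronological order (not real data):
# (url, client_ip, user_agent, response_body)
OBSERVATIONS = [
    ("http://site-a.example/", "198.51.100.7", "BrowserA", b"<html>variant-1</html>"),
    ("http://site-a.example/", "198.51.100.7", "BrowserA", b"<html>variant-2</html>"),
    ("http://site-b.example/", "198.51.100.7", "BrowserA", b"<html>variant-1</html>"),
    ("http://site-b.example/", "203.0.113.9", "BrowserB", b"<html>variant-2</html>"),
    ("http://site-c.example/", "198.51.100.7", "BrowserA", b"<html>static</html>"),
    ("http://site-c.example/", "198.51.100.7", "BrowserA", b"<html>static</html>"),
    ("http://site-c.example/", "203.0.113.9", "BrowserB", b"<html>static</html>"),
]

def digest(body):
    """Hash the body so responses can be compared without storing them."""
    return hashlib.sha256(body).hexdigest()

def find_cloaking(observations):
    """Return {url: sorted reasons} for URLs whose content varies by visitor.

    Legitimately dynamic pages also change between fetches, so a finding is
    a lead for manual review, not a verdict.
    """
    first_by_ip = defaultdict(dict)   # url -> {client_ip: (user_agent, digest)}
    findings = defaultdict(set)
    for url, ip, ua, body in observations:
        h = digest(body)
        seen = first_by_ip[url]
        if ip not in seen:
            seen[ip] = (ua, h)        # remember what this IP got first
        elif seen[ip][1] != h:
            findings[url].add("changed-on-repeat-visit")
    # Compare first-visit content across clients that present different browsers.
    for url, seen in first_by_ip.items():
        firsts = list(seen.values())
        for i, (ua1, h1) in enumerate(firsts):
            for ua2, h2 in firsts[i + 1:]:
                if ua1 != ua2 and h1 != h2:
                    findings[url].add("differs-by-browser")
    return {url: sorted(reasons) for url, reasons in findings.items()}

if __name__ == "__main__":
    for url, reasons in find_cloaking(OBSERVATIONS).items():
        print(url, reasons)
```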