http://www.networkworld.com/news/2010/071910-black-hat-fingerprint.html

By Tim Greene
Network World
July 19, 2010

Looking deeper within malware yields fingerprints of the hackers who write the code, and that could result in signatures that have a longer lifetime than current intrusion-detection schemes, Black Hat 2010 attendees will be told next week.

Analysis of the binaries of malware executables also reveals characteristics about the intent of the attack code that could make for more efficient and effective data defenses, says Greg Hoglund, CEO of HBGary, whose briefing "Malware Attribution: Tracking Cyber Spies and Digital Criminals" is scheduled for the Las Vegas conference.

Hoglund says this analysis uncovers tool marks -- signs of the environments in which the code was written -- that can help identify code written by a common person or group based on what combination of tools they use.

For example, his research looked under the covers of one malware executable whose fingerprint included use of Back Orifice 2000, Ultra VNC remote desktop support software, and code from a 2002 Microsoft programming guide. Each program was slightly modified, but the information available amounted to a good fingerprint.

[...]

Received on Mon Jul 19 2010 - 22:24:43 PDT