[ISN] Black Hat talk to reveal analysis of hacker fingerprints

From: InfoSec News <alerts_at_private>
Date: Tue, 20 Jul 2010 00:24:43 -0500 (CDT)
http://www.networkworld.com/news/2010/071910-black-hat-fingerprint.html

By Tim Greene
Network World
July 19, 2010

Looking deeper within malware yields fingerprints of the hackers who 
write the code, and that could result in signatures that have a longer 
lifetime than current intrusion-detection schemes, Black Hat 2010 
attendees will be told next week.

Analysis of the binaries of malware executables also reveals 
characteristics about the intent of the attack code that could make for 
more efficient and effective data defenses, says Greg Hoglund, CEO of 
HBGary, whose briefing "Malware Attribution: Tracking Cyber Spies and 
Digital Criminals" is scheduled for the Las Vegas conference.

Hoglund says this analysis uncovers tool marks -- signs of the 
environments in which the code was written -- that can help identify 
code written by a common person or group based on what combination of 
tools they use.

For example, his research looked under the covers of one malware 
executable whose fingerprint included use of Back Orifice 2000, Ultra 
VNC remote desktop support software, and code from a 2002 Microsoft 
programming guide. Each program was slightly modified, but the 
information available amounted to a good fingerprint.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Mon Jul 19 2010 - 22:24:43 PDT

This archive was generated by hypermail 2.2.0 : Mon Jul 19 2010 - 22:27:59 PDT