Stealing Data With Obfuscated Code 101
Weblver1 writes "A recent report by web security firm Finjan shows how easily data can be accessed on PCs by malware which circumvents existing defenses. With the use of obfuscated code, antivirus
software and static Web filters could not identify the scrambled attack code as a threat. The report walks through a real-life scenario of the infection
process step-by-step, and tracks what happens to the stolen data. This demonstrates how stealing sensitive data has become unbearably easy — especially, given the abundance of easy-to-use DIY crimeware toolkits. Finjan's report is available
here (PDF, registration required). Shortly after this report, Security firm RSA has released their findings
of a huge amount of stolen 'virtual wallets' in one of the largest discoveries of stolen data from computers compromised by the Sinowal trojan. While the trojan can be traced back to 2006, it managed to become more productive over time with frequent variants. Given the scale, ease of use, and hiding techniques making infections extremely difficult to find, no wonder today's crimeware achieves such 'impressive' results."
Comment removed (Score:5, Insightful)
if(isroot = 1){ (Score:3, Insightful)
Re:WTF-squared (Score:4, Insightful)
Re:That's what I said. (Score:2, Insightful)
Match known good patterns and quarantine everything else.
That's fine in a business environment where you have a floor of users all running an Office Suite of programs.
In any other setting it stifles innovation. Which is fine, if you work for a big company operated by stuffed suits.
White lists are an excellent opportunity for the people and organizations not afflicted with an IT staff who impose them.
But, then, 'IT' is just the new word for file clerk. Keep those files all neat and in order, clerks.