Become a fan of Slashdot on Facebook


Forgot your password?
Security Programming IT Technology News

Stealing Data With Obfuscated Code 101

Weblver1 writes "A recent report by web security firm Finjan shows how easily data can be accessed on PCs by malware which circumvents existing defenses. With the use of obfuscated code, antivirus software and static Web filters could not identify the scrambled attack code as a threat. The report walks through a real-life scenario of the infection process step-by-step, and tracks what happens to the stolen data. This demonstrates how stealing sensitive data has become unbearably easy — especially, given the abundance of easy-to-use DIY crimeware toolkits. Finjan's report is available here (PDF, registration required). Shortly after this report, Security firm RSA has released their findings of a huge amount of stolen 'virtual wallets' in one of the largest discoveries of stolen data from computers compromised by the Sinowal trojan. While the trojan can be traced back to 2006, it managed to become more productive over time with frequent variants. Given the scale, ease of use, and hiding techniques making infections extremely difficult to find, no wonder today's crimeware achieves such 'impressive' results."
This discussion has been archived. No new comments can be posted.

Stealing Data With Obfuscated Code

Comments Filter:
  • by liquidpele ( 663430 ) on Saturday November 01, 2008 @12:34PM (#25595513) Journal
    Once it has the potential to run on your system, you're basically already screwed. Antivirus companies help a little by catching the known works and viruses that have been around for a while, but in return usually slow the system down as well. As always, the only thing you can do is keep your software updated, don't run programs or code you don't trust, don't let people on your system that you don't trust to keep the system clean, and hope for the best.
  • if(isroot = 1){ (Score:3, Insightful)

    by davolfman ( 1245316 ) on Saturday November 01, 2008 @01:20PM (#25595843)
    Does this remind anyone else of the time someone tried to replace a conditional with an assignment and check it into the linux kernel to make a trigerable security hole?
  • Re:WTF-squared (Score:4, Insightful)

    by Anonymous Coward on Saturday November 01, 2008 @01:43PM (#25596007)
    WTF? You don't know how to make your own BugMeNot to help OTHER people?
  • by that this is not und ( 1026860 ) on Saturday November 01, 2008 @01:48PM (#25596035)

    Match known good patterns and quarantine everything else.

    That's fine in a business environment where you have a floor of users all running an Office Suite of programs.

    In any other setting it stifles innovation. Which is fine, if you work for a big company operated by stuffed suits.

    White lists are an excellent opportunity for the people and organizations not afflicted with an IT staff who impose them.

    But, then, 'IT' is just the new word for file clerk. Keep those files all neat and in order, clerks.

Machines that have broken down will work perfectly when the repairman arrives.