Q&A: Malware analysis

by Mirko Zorz - Monday, 1 March 2010.

Greg Hoglund is the CEO and Founder of HBGary. He has been a pioneer in the area of software security. After writing one of the first network vulnerability scanners, he created and documented the first Windows NT-based rootkit, founding rootkit.com in the process. Greg went on to co-found Cenzic through which he orchestrated numerous innovations in the area of software fault injection. In this interview Greg discusses malware analysis.

What are the biggest challenges related to malware analysis today?

One of the greatest challenges is attribution: figuring out not only who wrote the malware, but also who bought and paid for it, and who is operating it. As a whole, the security industry needs to start focusing more on the human threat. The malware is just a tool -- the real threat is the human who operates it.

Another one of the difficult challenges when responding to an incident is the ability to quickly recover actionable intelligence from an unknown, never-before-seen malware infection. Once an organization has been compromised, every second counts. Quickly recovering accurate bits of forensic artifact data while not overwhelming the user with too much other data is a daunting task. Last, but not least, is the fact that the malware authors are specifically trying to hide from or completely subvert most analysis tools and security countermeasures.

Based on your experience, in an ever-changing and evolving threat landscape, what problems do anti-malware vendors face? How can they overcome these issues?

Traditional signature-based anti-virus techniques are not well suited for combating the ever-exploding list of daily new malware variants. The A/V industry needs to abandon signatures and move towards behavioral- and capability-based detection. This requires technology that can analyze software at a very low level, and it has to work automatically. Historically, signature-based systems did a pretty good job of detecting specific virus variants. This model has quickly fallen down, though, in the face of so many different malware variations.
