Triumfant detects and stops in-memory malware attacks
Posted on 05 November 2013.
Advanced Volatile Threats are malware attacks that take place in a computer's RAM or other volatile memory, and are difficult to detect because they are never stored to the hard disk. Unlike APTs, which create a pathway into the system and then automatically execute every time a machine is rebooted, an Advanced Volatile Threat enters a machine in volatile, real-time memory, exfiltrates the data, then immediately wipes its fingerprints clean, leaving no trace behind once the computer is shut down.

Triumfant launched an Advanced Volatile Threat (AVT) module to detect and stop "in-memory" malware attacks. The new solution, which is bundled free with Triumfant's product suite, combines patented malware detection software with new tools that can accurately track malware functionality operating in the volatile memory of the endpoint machine.

A key aspect of the Memory Process Scanner is its ability to detect volatile exploits. In the case of an exploit, the malware injects itself into a normal process. Once the malware is running, it may migrate to a different process and download other tools to be used by the attacker. Catching the initial exploit allows the earliest possible detection and identifies the vulnerable process that is being compromised.

Features include:

Anomalous Application Verification: Automatically links related anomalous behaviors and generates supporting evidence for anomalous applications on the endpoint.

Irregular Process Notifications: An attacker will often hide a backdoor process inside another process that doesn't normally communicate over the network. The Memory Scanner flags such a process as a behavioral anomaly if it tries to communicate over the network.

Bandwidth & Authentication: Triumfant's 5.0 update is more bandwidth-efficient than current messaging systems, includes bidirectional authentication to prevent spoofing, and contains message sequence numbers to prevent replay attacks.

Second Generation Messaging System: Triumfant 5.0's new messaging system is based on JSON-RPC over HTTP implemented in JavaScript and can be used to communicate with agents designed for Windows and non-Windows platforms.

Management: Installation, verification, operation, and maintenance of the Triumfant malware detection solution are provided with each 5.0 upgrade.
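As an added illustration of the Irregular Process Notifications heuristic described above (example code written for this page, not Triumfant's software), the following Python records which process images talk to the network during a learning window and then flags any process that networks without that history; the event format and the sample telemetry are constructed assumptions.

```python
"""Flag processes that open network connections but never did during a
learning period: the behavioural anomaly behind "Irregular Process
Notifications". Assumed data model: each event is a dict carrying the
process image name, its pid and the remote endpoint. How the events are
collected (EDR telemetry, ETW, periodic socket polling) is out of scope."""
from collections import defaultdict

# Constructed sample telemetry, not real captures. Learning window: only
# the browser and the mail client were seen communicating.
LEARNING_EVENTS = [
    {"image": "chrome.exe", "pid": 4120, "remote": "203.0.113.10:443"},
    {"image": "outlook.exe", "pid": 2210, "remote": "203.0.113.20:993"},
    {"image": "chrome.exe", "pid": 4120, "remote": "203.0.113.11:443"},
]
# Live window: notepad.exe, which has no network history at all, suddenly
# connects out. That is the backdoor-hidden-in-a-host-process pattern the
# article describes.
LIVE_EVENTS = [
    {"image": "chrome.exe", "pid": 4120, "remote": "203.0.113.12:443"},
    {"image": "notepad.exe", "pid": 5508, "remote": "198.51.100.7:8443"},
    {"image": "notepad.exe", "pid": 5508, "remote": "198.51.100.7:8443"},
    {"image": "outlook.exe", "pid": 2210, "remote": "203.0.113.20:993"},
]


def build_baseline(events):
    """Return the set of image names observed communicating during learning."""
    return {e["image"].lower() for e in events}


def find_irregular_processes(baseline, events):
    """Return one alert per (image, pid) that networks without baseline
    history; repeated connections collapse into a sorted endpoint list
    so the analyst sees where the process went without alert flooding."""
    seen = defaultdict(set)
    for e in events:
        image = e["image"].lower()
        if image in baseline:
            continue
        seen[(image, e["pid"])].add(e["remote"])
    return [{"image": image, "pid": pid, "remotes": sorted(remotes)}
            for (image, pid), remotes in sorted(seen.items())]


if __name__ == "__main__":
    alerts = find_irregular_processes(build_baseline(LEARNING_EVENTS), LIVE_EVENTS)
    for a in alerts:
        print(f"irregular network activity: {a['image']} pid={a['pid']} -> {a['remotes']}")
```

A real deployment would also age the baseline and treat a previously known image that starts connecting to new destinations as a weaker signal, since the injected code in the article's scenario can migrate into a process that legitimately uses the network.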

"The security industry has tried many approaches to preventing malware over the years, and some have worked better than others. By now, thanks to numerous studies, everyone should realize that the signature-based approaches of old have limited value," said Adrian Sanabria, Senior Security Analyst, 451 Research.
