Archives for April 2014
Kaspersky Lab patents method for detecting malware that conceals its presence in the system
Kaspersky Lab has obtained a patent for a method of detecting malware that has been masked by rootkits – special programs capable of altering the outcomes of system functions. Patent no. 8677492 issued by the US Patent and Trademark Office describes the operation of a security solution with a special module that duplicates some functions of the operating system’s kernel, so the security solution has reliable information even if the OS is infected with a rootkit.
Cybercriminals use rootkits to prevent security solutions from detecting malicious programs such as Trojans. To do this, a rootkit masquerades as a legitimate driver, integrates with the OS kernel, intercepts system function calls from applications and modifies the results of their operation, deleting any references to files and processes related to the Trojan. This means the presence of malicious code can be masked – a dangerous program becomes invisible to the user and to other applications.
The Heartbleed bug
Heartbleed is a catastrophic bug in OpenSSL:
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”
Detecting Advanced Persistent Threats with Enterprise Snare Agents
Advanced Persistent Threats, better known as APTs, have been gaining a lot of media attention lately.
Unlike traditional malware, these are stealthy, performing various sequences of activities to avoid detection. An APT is a targeted attack that seeks to harvest critical information, such as proprietary data, source code, or operational plans.