therube

reply to Brano

Re: Flame: Massive cyber-attack discovered, researchers say

quote:
Industrial vacuum cleaner
Yet we already have & have had an "industrial vacuum cleaner" (think NSA & ATT), yet no one seems to care.

quote:
At the moment, we haven’t seen use of any 0-days; however, the worm is known to have infected fully-patched Windows 7 systems through the network, which might indicate the presence of a high risk 0-day.
quote:
Skywiper attempts to evade detection by anti-virus products by storing its code in .OCX files (not usually checked by anti-virus products in their default configuration). However, if the malware detects the presence of McAfee's on-access scanner (McShield) it stores its code in .TMP files instead:
Why?

Why is there no default whitelisting of allowable executables (with associated hashes) and/or other methods of containment? Wouldn't that make far more sense than something like UAC?


Name Game
said by therube:


Why?

Why is there no default whitelisting of allowable executables (with associated hashes) and/or other methods of containment? Wouldn't that make far more sense than something like UAC?

»code.google.com/p/malware-lu/wik···e_flamer
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


therube


Right.

Not one of:

are on my whitelist, so they won't be able to run, period!
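
The default-deny idea discussed in this thread, as an added example that is not part of any post: a hash allowlist judges file content, so moving the same code from an .OCX to a .TMP file changes nothing, whereas a policy keyed on file extension never looks at either. The extension set, file names and file contents below are constructed for illustration, and SHA-256 is an assumption of the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions a hypothetical scanner inspects by default (assumption for illustration).
SCANNED_EXTENSIONS = {".exe", ".dll", ".sys"}


def sha256_of(path: Path) -> str:
    """Hash file contents in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def extension_policy_inspects(path: Path) -> bool:
    """Extension-driven policy: the file is only looked at if its suffix is listed."""
    return path.suffix.lower() in SCANNED_EXTENSIONS


def allowlist_permits(path: Path, allowed_hashes: frozenset) -> bool:
    """Default-deny: permit only content whose hash is on the allowlist; the name is ignored."""
    return sha256_of(path) in allowed_hashes


def demo() -> dict:
    """Build constructed sample files and evaluate both policies on each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {
            "approved.exe": b"constructed approved program bytes",
            "unknown.ocx": b"constructed unapproved module bytes",
            "unknown.tmp": b"constructed unapproved module bytes",  # same content, renamed
        }
        for name, data in samples.items():
            (root / name).write_bytes(data)
        allowed = frozenset({sha256_of(root / "approved.exe")})
        for name in samples:
            p = root / name
            results[name] = (extension_policy_inspects(p), allowlist_permits(p, allowed))
    return results


if __name__ == "__main__":
    for name, (inspected, permitted) in demo().items():
        print(f"{name}: inspected_by_extension={inspected} permitted_by_allowlist={permitted}")
```
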