 therube join:2004-11-11 Randallstown, MD 4 edits | reply to Brano
Re: Flame: Massive cyber-attack discovered, researchers say
quote: Industrial vacuum cleaner
Yet we already have & have had an "industrial vacuum cleaner" (think NSA & ATT), yet no one seems to care.
quote: At the moment, we haven't seen use of any 0-days; however, the worm is known to have infected fully-patched Windows 7 systems through the network, which might indicate the presence of a high risk 0-day.
quote: Skywiper attempts to evade detection by anti-virus products by storing its code in .OCX files (not usually checked by anti-virus products in their default configuration). However, if the malware detects the presence of McAfee's on-access scanner (McShield) it stores its code in .TMP files instead:
Why?
Why is there no default whitelisting of allowable executables (with associated hashes) and/or other methods of containment? Wouldn't that make far more sense than something like UAC?
 Name GamePremium join:2002-07-07 North Myrtle Beach, SC kudos:7 | said by therube: Why?
Why is there no default whitelisting of allowable executables (with associated hashes) and/or other methods of containment? Wouldn't that make far more sense than something like UAC?
»code.google.com/p/malware-lu/wik···e_flamer -- Gladiator Security Forum »www.gladiator-antivirus.com/
 therube join:2004-11-11 Randallstown, MD | Right.
Not one of:
are on my whitelist, so they won't be able to run, period!
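A sketch of the default-deny idea discussed in this thread, as an added example that is not from any poster or product: files are judged by content hash, so the .OCX versus .TMP extension switch described in the quote above makes no difference to the verdict. It only audits a directory and enforces nothing; the file names, the `audit` helper and the sample bytes are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash file contents in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def looks_like_pe(path: Path) -> bool:
    # PE images (EXE, DLL, OCX) begin with the DOS header magic "MZ",
    # whatever extension the file carries on disk.
    with path.open("rb") as f:
        return f.read(2) == b"MZ"

def audit(root: Path, allowlist: set[str]) -> dict[str, str]:
    """Default deny: a PE-looking file is 'allow' only if its hash is listed."""
    verdicts = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and looks_like_pe(p):
            verdicts[p.name] = "allow" if sha256_of(p) in allowlist else "deny"
    return verdicts

def demo() -> dict[str, str]:
    # Constructed sample files: short byte strings with an MZ prefix, not real binaries.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "approved.exe").write_bytes(b"MZ" + b"approved build")
        (root / "unknown.ocx").write_bytes(b"MZ" + b"unlisted module")
        (root / "unknown.tmp").write_bytes(b"MZ" + b"unlisted module")
        (root / "notes.txt").write_bytes(b"plain text, not executable")
        allowlist = {sha256_of(root / "approved.exe")}
        return audit(root, allowlist)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:5} {name}")
```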