[OPLIN 4cast] OPLIN 4cast #344: Basic protection
Editor
editor at oplin.org
Wed Jul 24 10:30:09 EDT 2013
OPLIN 4cast #344: Basic protection
July 24th, 2013
There was an interesting posting on the /codeinsecurity/ blog a
little over a month ago, which we didn't see until recently, called "The
anti-virus age is over
<http://codeinsecurity.wordpress.com/2012/06/13/the-anti-virus-age-is-over/>."
The author, Graham Sutherland, argues that anti-virus (AV) programs
cannot keep up with all the new types of malware in circulation and
should just be considered "...a filter for the most basic attacks." We
know a lot of libraries still depend primarily on AV software for
protection, so it seemed like it might be worthwhile to look this week
at some of those new types of malware mentioned by Mr. Sutherland.
(We've put the names of the malware types in bold.)
* What is a polymorphic virus?
<http://www.wisegeek.org/what-is-a-polymorphic-virus.html>
(wiseGEEK) "Human viruses are infamous for being able to mutate
rapidly to avoid detection and prevent the buildup of immunities,
and when a computer virus has a similar trait, the results can be
unpleasant for computer users. It can be difficult to mount an
adequate defense against a *polymorphic virus*, even with excellent
antivirus software which has been designed to attempt to detect such
viruses."
* Advanced Persistent Threats: The new reality
<http://www.darkreading.com/vulnerability/advanced-persistent-threats-the-new-real/240154502>
(Dark Reading/Michael Cobb) "What is an *APT*? Though the term
originally referred to nation-states engaging in cyber espionage,
APT techniques are also being used by cybercriminals to steal data
from businesses for financial gain. What distinguishes an APT from
other threats is that it is targeted, persistent, evasive and
advanced. Unlike the majority of malware, which randomly infects any
computer vulnerable to a given exploit, APTs target specific
organizations with the purpose of stealing specific data or causing
specific damage. The Conficker worm, for example, used many advanced
techniques but did not target a particular organization. It infected
millions of computers in more than 200 countries. In contrast,
Stuxnet was designed to target a certain type, a certain brand and a
certain model of control system."
* Advanced Persistent Threats get more advanced, persistent and
threatening
<http://www.theregister.co.uk/2013/04/04/apt_trends_fireeye/> (The
Register/John Leyden) "Attackers are getting even smarter by coming
up with sneakier ways to evade detection. For example, FireEye has
uncovered examples of malware
<http://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html>
that execute only when users move a mouse, a tactic which could dupe
current sandbox detection systems since the malware doesn't generate
any activity. In addition, malware writers have also incorporated
virtual machine detection as a means to frustrate security analysis
of their wares and DLL files to improve persistence. By avoiding the
more common .exe file type, attackers using DLL files stand a better
chance of avoiding detection for longer."
* New course teaches techniques for detecting the most sophisticated
malware in RAM only
<http://www.networkworld.com/newsletters/techexec/2013/032213bestpractices.html>
(Network World/Linda Musthaler) "The part of The Invisible Man is
now being played by highly sophisticated malware that is
*memory-resident* only. Because it only exists in RAM, the malware
never gets written to disk, which is where you would normally look
for most kinds of malware. It's a real challenge to find the malware
in RAM until you follow the subtle clues that indicate something is
there that shouldn't be there."
*/Sandbox fact:/*
One article above mentions a "sandbox." Anti-virus software can
sometimes combat difficult malware by running code from untrusted
sources in an isolated virtual environment (a sandbox) on the computer
and watching what it does before the code is installed for actual use.
As the Register article above notes, though, some malware now checks
whether it is running in a virtual machine, or waits for real user
activity such as mouse clicks, and stays quiet until it is out of the
sandbox, so a sandbox is one more filter rather than a guarantee.
------------------------------------------------------------------------
The */OPLIN 4cast/* is a weekly compilation of recent headlines, topics,
and trends that could impact public libraries. You can subscribe to it
in a variety of ways, such as:
* *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
subscribing to the following URL:
http://www.oplin.org/4cast/index.php/?feed=rss2.
* *Live Bookmark.* If you're using the Firefox web browser, you can go
to the 4cast website (http://www.oplin.org/4cast/) and click on the
orange "radio wave" icon on the right side of the address bar. In
Internet Explorer 7, click on the same icon to view or subscribe to
the 4cast RSS feed.
* *E-mail.* You can have the OPLIN 4cast delivered via e-mail (à la
OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
http://mail.oplin.org/mailman/listinfo/OPLIN4cast.