Comments on anti-virus rants: the myth of optimal malware
Author: kurt wismer (http://www.blogger.com/profile/03810635947269551517)
Feed updated: 2023-08-26T05:04:33.009-04:00

2007-11-20T18:05:00-05:00 - Anonymous:

Interesting idea...

2007-11-20T10:18:00-05:00 - kurt wismer:

@didier stevens:
y'know, i can think of one area where finding ways to exploit malware would be of significance - botnet c&c...

whether it be subverting the control channel to make the bot announce itself to the affected device owner, or disrupting communication with the botmaster, or even getting the bots to use their self-defense mechanisms against their legitimate c&c... botnets should become rather impotent if communications break down...

2007-11-20T08:00:00-05:00 - Anonymous:

It's not that optimal malware is a myth, it's just rare, and deciding what is optimal is context dependent.

Malware also contains bugs like any other software. I used to believe that malware was more bug-ridden than other software, but in the last few years I see more professional code in malware, like error handling.

I would like to dedicate some time to find vulnerabilities in malware and write exploits for it :-). But that would just be some project to prove a point; it wouldn't have much value.

2007-11-19T10:04:00-05:00 - kurt wismer:

it seems to me that the existence of a dedicated removal tool (vundofix) indicates that someone *does* care about it...

as i understand it, the people who make virtumonde keep making new versions - there's little that can be done to prevent the new versions from slipping past known malware scanners since they are unknown... this is a widely recognized limitation of known malware scanning and is one of the reasons why additional preventative techniques should generally be used in addition to it...

2007-11-19T00:26:00-05:00 - Anonymous:

you should write about virtumonde. no anti-spyware can destroy it. since virtumonde only slows down and behaves like a trojan, nobody seems to care about it.

yet norton, or Microsoft OneCare, or vundofix can destroy the latest strains of Virtumonde or jkhff.dll.