One of the reasons malware gets past corporate defences is that a single HTTP request can look perfectly innocent. However, according to research to be presented at a security conference next week, those requests reveal themselves if the defender takes a “big picture” view. According to research to be presented at the Internet …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Tuesday 18th February 2014 08:33 GMT Anonymous Coward

Nothing really new

This more ambitious approach, of looking for characteristic patterns in requests and data, has been used by top-end firewall manufacturers for at least 15 years and possibly longer. After all, it's the logical thing to do if you want to identify more attacks and thus have a chance of shutting them out, rather than having to clean up the damage afterwards.

However, like all "smart" software, I suspect it will turn out to have distinct limitations. The idea is somewhat similar, in the broadest terms, to that behind Web content filtering - and we know how well that works in practice. It always looks fairly straightforward, at first glance, to make software behave "intelligently" by making it carry out a set of rules. Trouble is, life tends to be a lot more complicated than any simple set of rules we can devise. There are exceptions, and the exceptions also have exceptions... and so on.

1 0
Tuesday 18th February 2014 10:27 GMT Tromos

Pretty much pointless

The malmongers will just adapt and enlarge their directory structures, add some JPG, PDF, etc. files to widen their range of filetypes and generally do whatever is necessary for business as usual.

0 0
Tuesday 18th February 2014 10:30 GMT Justin Stringfellow

nazca

http://en.wikipedia.org/wiki/Nazca_Lines

I see what they did there.

0 1
Tuesday 18th February 2014 12:15 GMT Anonymous Coward

Call me pedantic but...

... saying that it does not inspect content but takes MD5 hashes of the first few Ks is like saying that one does not watch adult movies but takes a look at the first five minutes... you know, just to see if they are one of these.

And by the way, doing this only makes malware writers to pad its malicious content with a few kilobytes of cat pictures at the beginning.

0 0

This topic is closed for new posts.

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

User topics

Article topics

Zoom out for a view of malware, say boffins

COMMENTS

Nothing really new

Pretty much pointless

nazca

Call me pedantic but...

Other stories you might like

It's official: BlackLotus malware can bypass Secure Boot on Windows machines

Suspected Chinese cyber spies target unpatched SonicWall devices

Forget ChatGPT, the most overhyped security tool is technology itself, Wiz warns

Refreshed from its holiday, Emotet has gone phishing

Frankenstein malware stitched together from code of others disguised as PyPI package

Pushers of insecure software in Biden's crosshairs

Alert: Crims hijack these DrayTek routers to attack biz

AT&T blames marketing bods for exposing 9M accounts

German 5G network ban said to loom for Huawei and ZTE

PlugX RAT masquerades as legit Windows debugger to slip past security

GitHub rolls out mandatory 2FA for loads of devs next week

DoppelPaymer ransomware suspects cuffed, alleged ringleaders escape

About Us

Our Websites

Your Privacy