[AusNOG] CryptoLocker Virus
Chris Keladis
ckeladis at gmail.com
Thu Oct 24 13:38:58 EST 2013
On Thu, Oct 24, 2013 at 12:13 PM, Pinkerton, Eric (AU Sydney) <
Eric.Pinkerton at baesystemsdetica.com> wrote:
Your realising what almost everyone in the security industry has known for
> years, that A/V solutions relying on blacklisting has been a broken concept
> for years because it is a very trivial task to take some malware, and pass
> it through a packer/obfuscator which will make it unique.
>
Absolutely. The best analogy for A/V is the old game Kerplunk (for those
who remember). Put marbles (malware) in, it fights it's way past the sticks
(signatures), and eventually falls through anyway :-) Change the
configuration of the sticks, and a new array of opportunities for getting
past them, presents itself.
+1 for application Whitelisting. Not the silver-bullet, but a step in the
right direction.
Chris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20131024/bb31b76b/attachment.html>
More information about the AusNOG
mailing list