|
 |
dimarts, 28 / novembre / 2006 |
|
|
[SecurityWatch] Interview: Inside the Mind of a Kernel Hacker. Interessant, molt interessant entrevista al responsable del projecte Month of Kernel Bugs.
RN: Can you introduce yourself? Who is LMH? Is there a real name?
LMH: Well, I have a name as we all do. LMH is in fact a reference to my real name. The reason for 'hiding' behind it is that while I don't mind appearing on public mailing lists, news media, etc., I want to be recognized by the work I do. A name is pretty much like a trademark, and I'm not into trading with my name, thus I prefer to use a rather simple nickname such as 'LMH'. That way people focus on the work and not who has done it. It's also good to keep a low profile sometimes. I'm based in Europe.
|
11:27 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[Microsoft] Windows Malicious Software Removal Tool: Progress Made, Trends Observed és un document publicat per els investigadors de Microsoft responsables del desenvolupament d'eines antimalware, on a banda del mumbo jumbo de màrketing trobem algunes dades prou interessants:
- The MSRT has removed 16 million instances of malicious software from 5.7 million unique Windows computers over the past 15 months. On average, the tool removes at least one instance of malware from every 311 computers it runs on.
- Forty-one of the 61 malware families targeted by the MSRT from January 2005 to February 2006 have been detected less frequently since being added to the tool with 21 of the families experiencing decreases greater than 75%.
- Backdoor Trojans, which can enable an attacker to control an infected computer and steal confidential information, are a significant and tangible threat to Windows users. The MSRT has removed at least one backdoor Trojan from approximately 3.5 million unique computers. Thus, of the 5.7 million unique computers from which the tool has removed malware, a backdoor Trojan was present in 62% of computers. Bots, a sub-category of backdoor Trojans which communicate through the Internet Relay Chat (IRC) network, represent a majority of the removals.
- Rootkits, which make system changes for the purpose of hiding or protecting some other, possibly malicious components, are a potential emerging threat but have not yet reached widespread prevalence. Of the 5.7 million unique computers that the tool has removed malware from, a rootkit was present in 14% of the cases; this figure drops to 8% if WinNT/F4IRootkit, the rootkit distributed on select Sony music CDs, is excluded. In 20% of the cases when a rootkit was found on a computer, at least one backdoor Trojan was found as well.
- Social engineering attacks represent a significant source of malware infections. Worms that spread through email, peer-to-peer networks, and instant messaging clients account for 35% of the computers cleaned by the tool.
- The malware problem appears to be migratory in nature. Most of the computers cleaned with each release of the MSRT are computers from which the tool has never removed malware. In the March 2006 version of the MSRT, the tool removed malware from approximately 150 thousand computers (20% of all computers cleaned) from which some malware had previously been removed by the tool in an earlier release.
|
10:14 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 2000-2006 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
|
