[PLUG-TALK] The next step in malware

Daniel Pittman daniel at rimspace.net
Thu Jun 30 20:19:10 UTC 2011


On Thu, Jun 30, 2011 at 13:08, Rich Shepard <rshepard at appl-ecosys.com> wrote:
>   Here's a botnet that hides in the MBR of Windows machines. Sad and scary:
>
>                <http://www.bbc.co.uk/news/technology-13973805>

Not as frightening as the fact that it can absolutely, without
question, apply the same techniques to Linux systems and have the same
sort of results.  (The software also uses custom device drivers and
other kernel mode hacks to make it practically impossible to
disentangle.  Doing the same for all the distribution kernels, and
even for custom ones, is absolutely within reach of a malware author.
Not even that difficult, for the stock kernels.)

So, yeah.  The fight escalates further.  At least you can always
detect when you are virtualized on current hardware, so when the
malware amps up the next step and just virtualizes the whole thing we
*should* be able to find out. ;)

Daniel
-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman <daniel at rimspace.net>
✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285
♲ Made with 100 percent post-consumer electrons
