An add-on for antivirus software that can scan across a computer network and trap malicious activity missed by the system firewall is being developed by an international team. Details are reported in the International Journal of Electronic Security and Digital Forensics. The research raises the issue that the developers of both operating systems and antivirus software must work more closely together to reduce the burden of malware on computer systems the world over.
The battle between malware authors and security researchers has changed dramatically in the last few years. The purpose behind malware was often a prank, to expose vulnerabilities, or spite. Today, malware is more about stealing sensitive data and exploiting information for fraud, identity theft and other criminal intent. In addition, much malware is aimed at breaking systems through denial-of-service (DoS) attacks in the name of espionage, whether industrial or political, or for “hacktivism”, whereby activists prevent legitimate users from accessing a site they see as the enemy of their cause.
Computer security systems that attempt to thwart the spread of malicious software (malware) often fall down at one of two points of failure. The first is the failure of the network to spot malicious data packets entering the system. The second is that once the network is breached, the antivirus software, which is the last line of network defense, fails to identify the software intruder as malicious. Now, researchers in Jordan and the USA have devised an antivirus add-on that allows the AV software to scan the network data as well as applications and so trap malicious activity that the firewall and other defenses that work at the network level have missed.
The system was devised by computer scientists Mohammed Al-Saleh of Jordan University of Science and Technology in Irbid and Bilal Shebaro of St. Edward’s University, Austin, Texas. It side-steps the problem of additional computing overheads placed on a network attempting to detect the spread of malware that may well be encrypted. It also avoids the issue of antivirus software becoming out of date the instant new malware is written and uploaded, and the inevitable vulnerability that occurs during the AV scanning process.