“When combining the results from all four AV engines, less than 40% of the binaries were detected.”
Source: CAMP: Content-Agnostic Malware Protection
Proceedings of 20th Annual Network & Distributed System Security Symposium
https://www.cs.jhu.edu/~moheeb/aburajab-ndss-13.pdf
sigcheck -e -u -s c:\
listdlls -u
strings
When in doubt, run Process Monitor!
“Category is Write”
Give a man a stolen credit card & he'll eat like a king for a day. Teach a man to phish and he'll be set for life. -- Ancient Nigerian proverb
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Rogue%3aWin32%2fWinwebsec
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3aWin32%2fLockScreen.CT
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2FVicenor
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Flame.gen!B
http://www.reuters.com/article/2012/06/12/us-media-tech-summit-flame-idUSBRE85A0TN20120612
www.russinovich.com
Book signing from 12:00-12:30 Bookstore
http://www.microsoft.com/security/sir/default.aspx
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/