Author Topic: Botnets! Ever increasing Threat!!  (Read 75682 times)

Offline Little Mac

  • Forum Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6303
  • The Colonel told me to.
Re: Botnets! Ever increasing Threat!!
« Reply #75 on: February 06, 2008, 09:29:50 PM »
I think this idea is part of what Comodo is doing when users use the file submission process.  They analyze and create the signature for it.  Not sure the format of the signature, but even if it were something as "simple" as an md5 hash, the odds of there being an illegitimate match are 2^128 against.  Go to some other stronger crypto sig and the odds go even higher.  If you wonder how big that number is, put it in a scientific calculator...  ;)

LM
These forums are focused on providing help and improvement for Comodo products.  Please treat other users with respect and make a positive contribution.  Thanks.

Offline Burillo

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 326
  • Bunghole
Re: Botnets! Ever increasing Threat!!
« Reply #76 on: February 07, 2008, 06:47:06 AM »
you can't hash polymorphic and metamorphic viruses since they always change their contents :-)))
Some people are dumb... (c) Butt-head

Remember! CIA is watching you!

Offline venom_zx

  • Newbie
  • *
  • Posts: 9
Re: Botnets! Ever increasing Threat!!
« Reply #77 on: February 07, 2008, 09:31:44 AM »
@Burillo
well the idea was that if the hash was not recognizable, the program would be seen as suspect.

@gibran
but i guess it's true that programs can be exploited while running ( forgot about that ). well i thought that at least, more detailed messages could be avoided for users that don't get those.

behavioural fingerprinting sounds more in the direction of leak protection or possible virus scanners.

yea, if software authors made a behavioural signature and code signature. then it would make it even harder to exploit. first exploits would have to be found where these signatures can't change. but programs with plugins might have some pretty varied behaviour.

but i guess it's always nice to not fully have to trust applications.
« Last Edit: February 07, 2008, 09:33:19 AM by venom_zx »
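
The hash exchange in replies #75 to #77, as an added example that is not part of any post in this thread: a default-allow blocklist of known-bad hashes misses a sample whose contents changed by one byte, while a default-deny allowlist treats every unrecognised hash as suspect. SHA-256 is used here in place of the md5 mentioned above; all names and sample bytes are constructed for illustration.

```python
import hashlib

# Constructed sample inputs: stand-ins for program images, not real binaries.
KNOWN_GOOD = b"constructed benign program image, build 1"
KNOWN_BAD = b"constructed unwanted program image, build 1"
# One padding byte appended: the smallest possible "changed contents" case.
BAD_VARIANT = KNOWN_BAD + b"\x00"
# A trusted program whose bytes were modified on disk.
PATCHED_GOOD = KNOWN_GOOD.replace(b"build 1", b"build 2")


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


BLOCKLIST = {digest(KNOWN_BAD)}   # hashes of known-bad files
ALLOWLIST = {digest(KNOWN_GOOD)}  # hashes of known-good files


def blocklist_verdict(data: bytes, blocklist=BLOCKLIST) -> str:
    """Default-allow: only an exact match on a known-bad hash is flagged."""
    return "malicious" if digest(data) in blocklist else "clean"


def allowlist_verdict(data: bytes, allowlist=ALLOWLIST) -> str:
    """Default-deny: anything whose hash is not recognised is suspect."""
    return "trusted" if digest(data) in allowlist else "suspect"


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bits (out of 256) that differ between the two digests."""
    x = int(digest(a), 16) ^ int(digest(b), 16)
    return bin(x).count("1")


if __name__ == "__main__":
    samples = {"known good": KNOWN_GOOD, "patched good": PATCHED_GOOD,
               "known bad": KNOWN_BAD, "bad variant": BAD_VARIANT}
    for name, data in samples.items():
        print(f"{name:13} blocklist={blocklist_verdict(data):9} "
              f"allowlist={allowlist_verdict(data)}")
    # A one-byte change yields an unrelated digest, so "near" matches are
    # not possible with a cryptographic hash.
    print("digest bits changed:", differing_bits(KNOWN_BAD, BAD_VARIANT))
```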

Offline drysonbennington

  • Newbie
  • *
  • Posts: 4
Re: Botnets! Ever increasing Threat!!
« Reply #78 on: February 07, 2009, 08:58:38 AM »
The question is this: with so many zombie PCs out there, would it be possible to create a zombie zapper type bot?

What the bot would do is it would actively seek out the malicious scripted bot. Once the bot is found our zombie zapper bot would go into destroy mode attaching itself to the zombie bot and then rendering a code to zombie bot's own code structure that would destroy it. The zombie zapper bot would then return to the user and link the information to the Comodo zombie zapper design team to create new and more powerful zombie zapper bots. The idea is based off of how the human immune system works. Each time a new virus enters the human body, an alert is sent to the white blood cells, they then attack the intruder, copying the new virus' own cell makeup into the defender's defense mechanism. If the same type of virus is introduced again the immune system sends the newly created fighters to attack the virus, effectively killing it before the virus can damage the body.  The only problem is the virus (zombie bots) that act like a cold, they continually redefine themselves making it almost impossible for any permanent type of defense to be established. But as with all biological systems as pc systems there has to be a common link between them all that are the same. Once this algorithm has been found in the zombie bot, then a zombie zapper cell can be created to attack this specific trait in all bots thus effectively wiping the bot out before it can infect the system.

Offline SecurityManiac

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 413
  • Live today Life might end tomorrow
Re: Botnets! Ever increasing Threat!!
« Reply #79 on: February 07, 2009, 03:11:54 PM »
you can't hash polymorphic and metamorphic viruses since they always change their contents :-)))
What do you think about this, Melih?
This is one of the major parts most vendors are fighting against

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
Re: Botnets! Ever increasing Threat!!
« Reply #80 on: February 07, 2009, 09:21:53 PM »
What do you think about this, Melih?
This is one of the major parts most vendors are fighting against

there are ways to detect these...

Melih

 
