Hello,
Would comodo be able to stop the 12 monkeys rootkit discussed in this article?
Thanks.
Well, in general everything is possible, but I think, depending on how it’s done, that this could cause a HIPS alert… “and hop around in the computer’s memory to make it even harder to find”
But on the other hand I’m sure these guys test CIS also to see if it alerts/catches/triggers anything.
This stuff is for spying on “the enemy”. I’m not sure the average Joe is subject to catch this flu. And I also don’t think they would infect a lot of machines with it; the less they use it, the less chance there is that someone is going to detect it.
Wasn’t the Stuxnet worm designed to infect as many computers as possible, and hope that it will eventually reach the correct computers that it is supposed to target? Hence, the average Joe would catch it, but it would probably not cause him problems (except make him infect other computers)
This sounds more like stuff that’s too expensive to lose in a few days…
For targeting average Joe they’d probably use 0-day off-the-shelf exploits first.
But that’s just my personal opinion
If it tends to move around in memory, the buffer exploit (Windows memory firewall) might actually catch it. Hard to tell without testing.
Wasn’t the Stuxnet worm designed to infect as many computers as possible
No, it was designed for certain machines only.
If it tends to move around in memory, the buffer exploit (Windows memory firewall) might actually catch it. Hard to tell without testing.
If it’s going to get detected, HIPS is probably the way to go. It won’t be by a conventional AV, that’s for sure.
Wasn't the Stuxnet worm designed to infect as many computers as possible
As jay said, no it wasn’t.
These are malware codes designed by large teams of highly skilled engineers.
The money involved points to government level: Stuxnet - Wikipedia
I don’t know if a HIPS like D+ would react (I think it may… just may) but, as Ronny pointed out, this is not targeted at the average user.
It’s got to get in somehow, and it’s got to have some way of storing itself. It won’t go completely undetected by everything.
Mind you, Greg Hoglund did say, in regards to Magenta (the next generation of rootkit), that it could seed messages into a networked host “even if the host in question has full Windows firewalling enabled”.
Now Greg’s talking about the Windows firewall here and, given what he said he’s currently doing, that would be the Windows firewall on XP SP3!
So, aside from OS problems (needs more work for Vista & above), he’s going to have to test Magenta against all personal (non-MS) firewalls. And given that personal firewalls are constantly adapting and changing… that will take some doing. So, to lower the risk of being discovered, that could well limit Magenta (and probably 12 Monkeys as well) to only being deployed against systems that do not have personal firewalls and, instead, rely on MS’s firewall (i.e. commercial & government systems).
edit: Source [arstechnica.com] for Greg Hoglund quote. No, I didn’t download all their emails & read them. :)
There is one big if here in regards to the firewall.
They (almost all) use WFP, the M$ Filtering Platform; if he could fly under that radar it would render most software firewalls useless…
I’m not sure I would risk it on an “almost all”… would you?