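Excerpted from: CTOCIO
A botnet, unlike the simple security incidents of the past, is an attack platform capable of great harm. It can cause more damage than traditional destructive acts, and it makes attacks harder to defend against.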
In 2007, PandaLabs received an average of 5000 new strains of malware every day. In total, the amount of malware that appeared last year increased tenfold with respect to 2006, which, in turn, saw the same amount of new malware as in the previous 15 years combined. Put simply, the amount of malware in circulation is increasing dramatically.
Microsoft Windows, the operating system most commonly used on systems connected to the Internet, contains multiple, severe vulnerabilities. The most commonly exploited are in IIS, MS-SQL, Internet Explorer, and the file serving and message processing services of the operating system itself.
'Errare humanum est' ('To err is human.') 'To err is human, but to really foul things up you need a computer.'
The term 'vulnerability' is often mentioned in connection with computer security, in many different contexts. Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack.
Cyber-Threat Analytics (Cyber-TA) is a research initiative to accelerate the ability of organizations to defend against large-scale network threats by creating the underlying technologies to enable next-generation privacy-preserving digital threat analysis centers. We will conduct basic research, develop prototype implementations of our core concepts, and demonstrate practical schemes for Internet-scale collaborative digital attack reconnaissance and mitigation. Our envisioned next-generation threat analysis centers must support highly automated threat diagnosis and prioritization, scale to alert volumes and data sources that characterize attack phenomena across millions of IP addresses, and rapidly distribute actionable information back to the broader network community to help mitigate emerging attacks. However, such centers must also address fundamental information privacy concerns among the contributor pool. These privacy concerns may at best limit the participation of, or at worst expose to harm, those who choose to share highly sensitive security log content within current collaborative security analysis frameworks.