
Some of the world's best threat detection platforms are bypassed


November 28, 2014


It's reported in the blogosphere today that some of the world's best threat detection platforms have been bypassed by custom malware in a demonstration of the weaknesses of single defence security systems.

A few weeks ago, five unnamed but highly sophisticated threat detection products were tested against four custom malware samples written by researchers at Crysys Lab in Hungary.

Overall, the most capable of the malware samples, dubbed BAB0, slipped past every product, delivering its infection through image steganography, a feat within the capabilities of savvy cyber criminals.

"It was designed to be as stealthy as possible, and utilises multiple methods to avoid detection," the lab's seven researchers wrote in a paper titled 'An independent test of APT attack detection appliances'.

This test case simulates attackers with moderate resources and some understanding of the state-of-the-art detection tools and how advanced malware works.

"For example, this can simulate organized criminals when attacking high value targets," the report says.

BAB0 was written in C++ with a server side in PHP and never appeared in the clear in internet traffic due to the use of steganography.

Various scripts pulled the executable from the image file after users clicked on it. The malware then ducked sandboxes with obfuscated HTML and JavaScript code.

A decoy program was presented to the victims while the hobbit scurried off, hiding its command and control traffic inside HTML traffic that appeared to be user clicks.

Command types sent to BAB0 included directory traversal, file transfer, and command execution.
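The article does not say how BAB0 hid its executable inside the image, so as an added defensive illustration (not Crysys Lab's code and not BAB0's actual method) the following script checks for the simplest form of image-borne payload delivery: bytes appended after a PNG's terminating IEND chunk, with a cheap look for PE-executable markers in that trailing region. The helper `minimal_png` and the appended sample bytes are constructed here for the demonstration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_payload_end(data: bytes):
    """Walk the PNG chunk list; return the offset just past IEND, or None if malformed."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4          # chunk header + payload + CRC
        if ctype == b"IEND":
            return pos
    return None                        # ran off the end without seeing IEND

def scan_png(data: bytes) -> dict:
    """Flag anything that follows the logical end of the image."""
    end = png_payload_end(data)
    if end is None:
        return {"verdict": "not-png-or-malformed", "trailing_bytes": 0, "indicators": []}
    trailing = data[end:]
    indicators = []
    if trailing.startswith(b"MZ"):
        indicators.append("MZ header after IEND")
    if b"This program cannot be run in DOS mode" in trailing:
        indicators.append("DOS stub string after IEND")
    if trailing:
        indicators.append(f"{len(trailing)} bytes after IEND")
    verdict = "suspicious" if indicators else "clean"
    return {"verdict": verdict, "trailing_bytes": len(trailing), "indicators": indicators}

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def minimal_png() -> bytes:
    """Constructed 1x1 greyscale PNG (IHDR, one IDAT scanline, IEND) used as clean input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

if __name__ == "__main__":
    clean = minimal_png()
    # Constructed sample: placeholder bytes that merely look like a PE stub, appended after IEND
    stuffed = clean + b"MZ\x90\x00" + b"This program cannot be run in DOS mode" + b"\x00" * 16
    print(scan_png(clean))
    print(scan_png(stuffed))
```

Real steganography (payload spread across pixel data) would not leave trailing bytes, so a check like this complements rather than replaces sandbox and network-side detection.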

Another, less sophisticated sample that had recently been discovered bypassed three of the unnamed platforms, while the more basic samples were caught by all five.

"The main message of this work is that novel anti-APT tools can be bypassed with moderate effort," the report read.

"If we were able to develop some samples that were not detected by these tools without actually having access to any of the tested products during the development phase, then resourceful attackers who may be able to acquire these products will also be able to develop similar samples, or even better ones."

Lazier attackers could simply wait for BAB0 to be published at a later date, a release intended to help interested companies strengthen their internet security technology.

The security researchers are now considering a testing framework for zero-day browser exploits.

Source: Crysys Labs.
