Archive for 2015

Image Files Containing Malicious Code

The future of online attacks. But SigFree tech exists that can defeat this now.

Saumil Shah has developed the Stegosploit tool to show how malicious JavaScript code can be embedded in and run from an image file. The user need only open the image file to execute the malware code.

[Image: image file contains executable malware]

Security Affairs published a report on Shah’s work and obtained the following quote from Shah:

[Image: Image file vulnerability]

But DayZero’s SigFree technology already has the ability to detect malicious code hidden in image and other types of files.

SigFree Code Abstraction detects executable code in any type of file or data stream. Our proprietary technology quickly parses all possible code sequences. This tech easily finds paths that cannot be executed. In the end, SigFree code abstraction only delivers executable code that does not belong in that image file or data stream.

SigFree Stealth defeats any attempts by the malware to disguise itself. Even if the malware morphs, SigFree Stealth will uncover it so the executable path can be found. This tech defeats the malicious code’s attempts to disguise itself. This includes attempts at using polymorphism, encryption, metamorphism and self-modification.

These particular technologies are not yet released in a production product but will be soon. Testing has been highly effective with zero false negatives and near zero (about 0.0027%) false positives. We are working on optimizing speed for data streams with a very large amount of image, video and Flash files.

Come visit us at DayZero.

Please Note – Images courtesy of Saumil Shah and Pierluigi Paganini.

Exploit Kits and You – Not a Love Story

Exploit Kits: A Fast Growing Threat

Exploit kits are internet hit and run incidents about to happen. They are waiting for you to cross their section of the highway. When you do, they run over you. You will never know what happened.

Exploit kit note: This post is largely taken from the article “Exploit Kits: A Fast Growing Threat”, which was published on the Malwarebytes Unpacked blog. At the end, we will also provide a helpful infographic which was published with the original article.

Exploit kits can do damage. You need to know they exist. That way, you will know the measures you must take to stay safe. We hope to impress upon you:

  • what an exploit kit is and what it does
  • how to avoid exploit kits
  • why you need added zero day protection, not only your antivirus, antimalware software
  • why you should install SigFree Cerberus (download here) to add this protection

    Exploit kits take advantage of vulnerabilities in programs. They focus on programs that are widely used. These programs include browsers, Flash and others.

    The exploit kit is stored on hidden websites. You will not realize you were sent there. Malware is planted on well-used websites that are trusted. Sometimes this is in an advertisement. You don’t need to click on anything. The malware will secretly direct you to the hidden URL in the background. No new browser window will be opened. Software on the site analyzes your system for programs. It looks for known vulnerabilities. Then it decides which exploit kit in its arsenal to plant on your system.

    This is why exploit kits are so dangerous. You will never know that it has been planted on your computer until too late. You can avoid them to some degree by careful browsing. However, the redirect malware can often be planted on normally safe websites.

    Further, the exploit kits can be modified often. So normal antimalware and antivirus software is not very useful. These depend on signatures. When malware or the kits change, the signature also changes. This is why you need supplemental zero day protection. The very best zero day protection comes from DayZero Systems. DayZero security software does not rely on signatures as others do.

    Please install DayZero’s SigFree Cerberus. You can download a two-week free trial here.

    Cerberus is completely signature-free. Malware cannot hide from it. Cerberus gives you several layers of protection. In many cases, Cerberus will prevent the malware from sending you to the hidden site. It can also refuse the receipt of the exploit kit into your computer. Finally, even should the exploit kit somehow be planted on your computer, Cerberus can prevent it from stealing information from you or from using your computer in a bot network.

    Try DayZero’s SigFree Cerberus now, for free.

    Please browse the following infographic. You will be amazed at what you can learn from it.
     
    [Infographic: exploit kit]

    Sony – North Korea or possibly an insider?

    Sony has been a constant news item. Many insist Sony was breached by North Korea. They had the motive, so many say. But does the evidence point to North Korea? Are they the only ones with motive? Or was this more likely the work of an insider? And what are we doing about preventing the next such breach?

    [Image: sony. From Business Insider article referenced here.]

    The Sony breach seemed to be tied up securely by the forensics experts very early. It was declared an unprecedented breach by an organized group that could not have been caught by antivirus engines. It was declared that it had to be North Korea or a country on behalf of North Korea.
    To quote, “The malware was undetectable by industry standard antivirus software”.
    “The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”

    But is this an accurate description of the Sony attack?

    What is ‘detectable by industry standard antivirus software’? Not much. Very likely, not the Sony attack. Traditional antivirus software, even if using behavioral techniques, requires signatures. It needs to have seen the attack or the malware previously. No targeted attack as described in the Sony case should be expected to be caught by ‘industry standard antivirus software’.

    That is where zero day security software such as DayZero’s SigFree Cerberus comes into play. This type of security software does not rely on signatures. It does not require that the attack have been seen and analyzed before. Security software such as SigFree Cerberus is true zero day protection. In Cerberus’ case, it is designed to find malware planted on a computer and trying to send out private information without permission.

    A free trial copy of SigFree Cerberus may be downloaded from http://cerberus.dayzerosystems.com/download/.

    Some investigators refuse to imagine any attacker of Sony other than North Korea. They cite not only the Sony film and the stolen and released private information, but also the internal damage done. But this is often the fingerprint of one or more disgruntled insiders. In fact, the latest speculation on the Sony attack is that it was a series of attackers. And suspect insiders, past Sony employees for the most part, have been identified.

    Keep in mind that year after year, approximately half of all data breaches are either committed by insiders or otherwise due to human error, in addition to human induced security flaws.

    But what are we doing to prevent the next Sony type attack? Will anyone wake up and accept that our current software security methods are inadequate? Will anyone start to embrace new technology for true zero day protection?