Category "DayZero Company News"

There are 6 results found

http://www.dayzerosystems.com/

Exploit Kits and You – Not a Love Story

Exploit Kits: A Fast Growing Threat

Exploit kits are internet hit and run incidents about to happen. They are waiting for you to cross their section of the highway. When you do, they run over you. You will never know what happened.

Exploit kit note: This post is largely taken from the article“Exploit Kits: A Fast Growing Threat” which was published on the Malwarebytes Unpacked blog. At the end, we will also provide a helpful infographic which was published with the original article.
Exploit kits can do damage. You need to know they exist. That way, you will know the measures you must take to stay safe. We hope to impress upon you:

  • what an exploit kit is and what it does
  • how to avoid exploit kits
  • why you need added zero day protection, not only your antivirus, antimalware software
  • why you should install SigFree Cerberus (download here) to add this protection
  •  
    Exploit kits take advantage of vulnerabilities in programs. They focus on programs that are widely used. These programs include browsers, flash and others.

    The exploit kit is stored on hidden websites. You will not realize you were sent there. Malware is planted on well used websites that are trusted. Sometimes this is in an advertisement. You don’t need to click on anything. The malware will secretly direct you to the hidden url in the background. No new browser window will be opened. Software on the site analyzes your system for programs. It looks for known vulnerabilities. Then it decides which exploit kit in its arsenal to plant on your system.

    This is why exploit kits are so dangerous. You will never know that it has been planted on your computer until too late. You can avoid them to some degree by careful browsing. However, the redirect malware can often be planted on normally safe websites.

    Further, the exploit kits can be modified often. So normal antimalware, antivirus is not very useful. These depend on signatures. When malware or the kits change, the signature also changes. This is why you need supplemental zero day protection. The very best zero day protection comes from DayZero Systems. DayZero security software does not rely on signatures as others do.

    Please install DayZero’s SigFree Cerberus. You can download a two-week free trial here.

    Cerberus is completely signature-free. Malware cannot hide from it. Cerberus gives you several layers of protection. In many cases, Cerberus will prevent the malware from sending you to the hidden site. It can also refuse the receipt of the exploit kit into your computer. Finally, even should the exploit kit somehow be planted on your computer, Cerberus can prevent it from stealing information from you. Or from using your computer in a bot network.

    Try DayZero’s SigFree Cerberus now, for free.

    Please browse the following infographic. You will be amazed at what you can learn from it.
     
    exploit kit

    Sony – North Korea or possibly an insider?

    Sony has been a constant news item. Many insist Sony was breached by North Korea. They had the motive, so many say. But does the evidence point to North Korea? Are they the only ones with motive? Or was this more likely the work of an insider? And what are we doing about preventing the next such breach?

    The Sony breach seemed to be tied up securely by the forensics experts
    sony

    From Business Insider article referenced here.

    very early. It was declared an unprecedented breach by an organized group that could not have been caught by antivirus engines. It was declared that it had to be North Korea or a country on behalf of North Korea.
    To quote, “The malware was undetectable by industry standard antivirus software”.
    “The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”

    But is this an accurate description of the Sony attack?

    What is ‘detectable by industry standard antivirus software’? Not much. Very likely, not the Sony attack. Traditional antivirus software, even if using behavioral techniques, requires signatures. It needs to have seen the attack or the malware previously. No targeted attack as described in the Sony case should be expected to be caught by ‘industry standard antivirus software’.

    That is where zero day security software such as DayZero’s SigFree Cerberussony comes into play. This type of security software does not rely on signatures. It does not require that the attack have been seen and analyzed before. Security software such as SigFree Cerberus is true zero day protection. In Cerberus’ case, it is designed to find malware planted on a computer and trying to send out private information without permission.

    A free trial copy of SigFree Cerberus may be downloaded from http://cerberus.dayzerosystems.com/download/.

    Some investigators refuse to imagine any attacker of Sony other than North Korea. They cite not only the Sony film, and the stolen and released private information. They also mention the internal damage done. But this in fact is often the fingerprint of a disgruntled insider(s). In fact, the latest speculation on the Sony attack is in fact a series of attackers. And, suspect insiders, past Sony employees for the most part, have been identified.

    Keep in mind that year after year, approximately half of all data breaches are either committed by insiders or otherwise due to human error, in addition to human induced security flaws.

    But what are we doing to prevent the next Sony type attack? Will anyone wake up and accept that our current software security methods are inadequate? Will anyone start to embrace new technology for true zero day protection?

    AnyURL.com featuring Cerberus this week

    AnyURL – leading online reseller AnyURL.com has made SigFree Cerberus one of its top three featured applications for this week!

    SigFree Cerberus is one of the three top applications being featured at AnyURL.com this week. AnyURL is a leading online reseller of a wide variety of software applications.

    If you do not immediately see Cerberus on the AnyURL.com home page, you can find it on its dedicated page at http://www.airyurl.com/dayzero-systems-sigfree-cerberus-v1-license/.

    To go to the SigFree Cerberus page on AnyURL.com, just click on the AnyURL image below:
    AnyURL

    Testing shows that Cerberus can detect zero day malware. It provides benefits to users that other security software solutions cannot.

    Tests using real life, zero day malware can show whether security software provides benefits or not. DayZero Systems has just released testing performed during the final stages of development of SigFree Cerberus v1.0.

    The conclusion is very clear. SigFree Cerberus found malware when other security software solutions could not. Cerberus delivers on its benefits.

    SigFree Cerberus provides zero day protection against worms and other similar self-propagating and self-mutating malware. This includes many viruses. Cerberus does not need known signatures so detection can occur before malware spreads. After it spreads, it can cause costly damage. Cerberus can stop the malware before it steals personal information. Before it uses your system resources as part of a bot network.

    A range of results were blogged recently. See a short summary at http://blog.dayzerosystems.com/2014/11/05/benefits/. This included two real life zero day events and one designed attack. There are links to more detailed reports. The designed attack was made with the popular test program, Metasploit, using the “sneaky attack” option.

    The time has come for new thinking in internet security software. DayZero Systems is the first to step up to the challenge. The word is getting out quickly through leading online sellers like AnyURL.com. SigFree Cerberus v1.0 is the first in an arsenal of future signature-free applications to be released by DayZero Systems, the new leader in zero day threat protection. Cerberus does not protect systems from every type of malware. DayZero still recommends continued regular scans using Windows Security Essentials or, on Windows 8, use of Windows Defender.

    SigFree Cerberus v1.0 comes with a free two-week trial. On AnyURL.com, just click: http://www.airyurl.com/dayzero-systems-sigfree-cerberus-v1-license/. DayZero promotes safe computer use. After downloading, right-click on the file name in its folder, click properties, and click the digital signature tab. This ensures that the software comes from a trusted, certified source. The version 1.0 license is US$14.00 per computer on which it is installed, comes with all v1.0 upgrades, and is not time-limited. The license may be bought on the same AnyURL.com page.

    security softwaresecurity software

    Code emulation and sandboxing are dead

    Code emulation and sandboxing are dead. Or they soon will be. At least as so-called zero day and real-time threat protection techniques.

    Today’s threat protection is by its nature signature based. This means that the malware must first be discovered. This can only be after it has been in place for months or years. While undetected, the malware has created losses to users. These losses range from lower computer performance to loss of personal and confidential information.

    Only after the malware is discovered can the signature be defined. But malware writers have a very simple solution. Once their malware is discovered, they change it slightly and spread the infection again. The original signature cannot find it. Or, better, the malware writers build self-mutation into their malware. It modifies itself. While everyone thinks they’ve caught the bugger, the mutation goes on its merry way. It spreads itself until found. Then another mutation. And the vicious circle continues. Current day software security remains lodged firmly in the past.

    Enter heuristics and behavioral techniques coupled with two other tools, the sandbox and code emulation.

    Not having real zero day tools but being faced with zero day threats continuously, threat protection has evolved by attaching a band-aid.

    Software security vendors try to model the behavior of common threats such as viruses and worms. They have tried to use these models to predict when code might be malware. They have no way of knowing it’s malware but they take their best stab. So, the code that is flagged is a suspect. To decide whether the suspect is malware, there are two main avenues:

  • either the behavior is linked to a subset of the 800,000 signatures they have downloaded to your computer and they try to make a match, or,
  • they use a sandbox and code emulation to execute the suspect in a safe environment. In this way, they decide the purpose of the suspect code.
  • But this method has inherent weaknesses. First, the behavior models and heuristics are akin to predicting what you will have for supper by analyzing what you had for breakfast. And, these are not true zero day approaches to malware detection or threat protection.

  • many times, the default still relies on matching the suspect to a signature. In this case, any effort to avoid signature-based detection is thwarted.
  • code emulation in the sandbox takes precious time and delays the data stream. This is a very inefficient attempt at zero day protection.
  • it’s easy for the malware writer to fool the code emulator. This may result in no determination of whether it poses danger or not. Some software security vendors have resorted to simply declaring the suspect malware based on whether it has been seen before. These so-called “reputation” scores are fundamentally baseless.
  • Most important, it is very easy for a malware writer to program their malware to bypass the code emulator.
  •  
    The last is a very interesting topic in itself. Kyle Adams of Juniper Networks successfully an anti-virus product using code emulation with what he described as very simple javascript. In August, Adams’ work was summed up:

    “With his own custom malware, the source code of the malware is effectively hidden from the AVG scanner, and Adams said he could do whatever he wanted. Since the scanner didn’t know about the malware, it couldn’t log it either.” Quoting Adams: “Pretty much the way any AV works is it looks at the file before you run it,” Adams said. “They are trying to judge whether the file itself is going to be malicious.”

    So, code emulation and sandbox use are not zero day techniques. They are extensions of the basic signature definition technique but are highly vulnerable, make the anti-virus program itself a tool to be exploited, and are fraught with error and time delay.

    Adams work was also summed up in Dark Reading: “His research shows that code emulation and sandboxing aren’t really working anymore. “Now you can start to attack code emulators and sandboxes” themselves. At least 10% of attacks are attempting this today.”

    The trends in the mainstream security software technology development continue in the wrong direction.

    DayZero Systems has developed zero day malware detection toolkits that it is just starting to deploy. Take a look at the DayZero technology portfolio at http://www.dayzerosystems.com/#technologies.

    code

    DayZero Explains the SigFree Technology Family!

    Take a look at the DayZero SigFree Technologies used in DayZero Systems’ apps by visiting http://www.dayzerosystems.com/#technologies. These technologies are used in varying degrees in each DayZero app. Briefly, the SigFree branded set of technologies include:

  • Code Abstraction – a unique mapping process of each viable code segment in a data stream or suspect process.
  • Stealth – penetrates attempts by malware creators to disguise or protect their code.
  • Alarms – predictive techniques that raise “smoke signals” within milliseconds when a suspect malware process is detected.
  • Confinement – puts a suspect on hold while analysis proceeds, releases it quickly if the suspect is found to be legitimate.
  • Vulnerability Analysis – predictive techniques of “safe time” for network devices when malware is detected on any other device attached to the network that has Cerberus installed.
  • Malware Analytics – a set of techniques that make final determinations on the suspect and take appropriate action.
  • See more detail at http://www.dayzerosystems.com/#technologies and be sure to visit DayZero Systems