Malware "best practices"
bmcculley at rcn.com
bmcculley at rcn.com
Wed Jul 26 20:19:01 EDT 2006
"Ben Scott" <dragonhawk at gmail.com> wrote:
> I find blocking all executable files in email and on the
>web is pretty effective. There's still an arms race factor,
>but it's a lot easier to look for "any kind of executable"
>then it is to look for "executable that does bad things".
This is good for simple malware, but new technologies are
introducing new features that can be used in new and
interesting ways. If you haven't previously seen the details
of the MySpace worm that shut down their site last Oct, read
http://namb.la/popular/tech.html and think about how that sort
of thing could be applied elsewhere, or combined with other
mechanisms and attack vectors. btw following the story link
is worthwhile, Samy's anecdote is pretty amusing.
-brucem
More information about the gnhlug-discuss
mailing list