|
|
|
Microsoft Says Recovery from Malware Becoming Impossible
By: Ryan Naraine
2006-04-04
Article Rating: / 5
There are 0 user comments on this Network Security & Hardware story.
Microsoft Says Recovery from Malware Becoming Impossible (
Page 1 of 2 ) A Microsoft security official recommends that big businesses invest in an automated process to wipe hard drives and reinstall malware-infested operating systems.LAKE BUENA VISTA, Fla.—In a rare discussion about the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.
"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.
Offensive rootkits, which are used hide malware programs and maintain an undetectable presence on an infected machine, have become the weapon of choice for virus and spyware writers and, because they often use kernel hooks to avoid detection, Danseglio said IT administrators may never know if all traces of a rootkit have been successfully removed.
He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. "In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast," Danseglio added.
Danseglio, who delivered two separate presentations at the conference—one on threats and countermeasures to defend against malware infestations in Windows, and the other on the frightening world on Windows rootkits—said anti-virus software is getting better at detecting and removing the latest threats, but for some sophisticated forms of malware, he conceded that the cleanup process is "just way too hard."
 Microsoft says stealth rootkits are bombarding Windows XP SP2 machines. Click here to read more.
"Weve seen the self-healing malware that actually detects that youre trying to get rid of it. You remove it, and the next time you look in that directory, its sitting there. It can simply reinstall itself," he said.
"Detection is difficult, and remediation is often impossible," Danseglio declared. "If it doesnt crash your system or cause your system to freeze, how do you know its there? The answer is you just dont know. Lots of times, you never see the infection occur in real time, and you dont see the malware lingering or running in the background."
He recommended using PepiMK Softwares SpyBot Search & Destroy, Mark Russinovichs RootkitRevealer and Microsofts own Windows Defender, all free utilities that help with malware detection and cleanup, and urged CIOs to take a defense-in-depth approach to preventing infestations.
Are virtual machine rootkits the next big threat? Click here to read more.
Danseglio said malicious hackers are conducting targeted attacks that are "stealthy and effective" and warned that the for-profit motive is much more serious than even the destructive network worms of the past. "In 2006, the attackers want to pay the rent. They dont want to write a worm that destroys your hardware. They want to assimilate your computers and use them to make money.
"At Microsoft, we are fielding 2,000 attacks per hour. We are a constant target, and you have to assume your Internet-facing service is also a big target," Danseglio said.
Next Page: Human stupidity.
|
|
�������xr8(�ViW1E]RleMٖR:��EB��!)/=w^9q_>�M�-y]DD"3H$�?�y$3W7-gB]snS;sa@
Z.%w>;�͂()o��1m�n�f],� _h����vGlJ~x'AT�1�v�R-�)&ӰY |+[3}B��q~qbw[�.hqLIlG5t�uK͂�%H}x�u)t}(DIږy@6�GǮ�J��ߣ*#7�ݙx8/DeOXIYɼ�Mc�Ay<��5A�[h��=k�|�E�k�w0Ni�?쓑�7@Sա*"U�{Q5h"��f��3r�=���F�&lw�&�"�S#&-Ahlu"YRi 3܉\;@ڮ�SV�Hf̲��ݷt{�#�Է@:S�q�S�3Mu��I/#!TBRp`åz�S+�kz?Ķ�h�{'�� �]�U~Bomz^�u�7�ߝ;>i�z(ji�˜HJ&�ԃ)�}(p}=\'�t, .EӝÌfؖqSth(�́V*
(�ZPʍ�W]rL.-g~oTzEÝzc4;�~)UU�q^�H�#[wn5;ZIkPwzɀ\>uɣ5ǁ!�˱ A'Fj;�}�&UJD�Z-�fi&
�_��S��u:}d't6 +?;VU'_ZU�lxmķ~f[� d�Pp9L+pzҐ¯�?��/;d�[��ϺG uH��3�`םBm۲ܹ(BZKEןȃ+�a(7fh�X@�?$eR2z&q*� 1@/�)��4W46�
��-Mn
#d��h��&έf��h-
@ho�*K�>LrM&@Sk~�$GM\5ņ]�)!edFS{۴/^$P�!P샖_.�� jNTwEQ��S'{L^��"ʥ��g����g^bGsQ��4l=�.k\#tWڲ9Q[�kK\M흚=-+�}יN:ǫ1_.=t;0*>c]݈f�",�Q�qsu\StjFb:>J�j�exQi+��r%(NMf[ԑplPòǔI�z:�g���6aϨ>�|�鎓z�>:AG��:ڴ;\ZV�S�4!��6h?`�Ni1[W <ۋJ�pI�x�Z3�x͂��=H:}mP`�~�`�
�e+�!3 uK �Νdrk�o�à�F�k:Fz��?a#0.Zm��{����Ae^~>�aCxwݐ�5nV�AL � �|�U=kb�$`~�
=Dy"fOy�;�
+k3UƝWQVy'g)5Wx�VcC V6_2�-C+��N�Esr���!:w'e?Ŀ\?ͺz+YT]^u 9�JeO{4�m�VJ{2,F6@ȱ\k_X5QWT(:���,�)R�siŰ,Bm6|�G�9̆騤_#mM!v3t�pȞZc�S�+%UV��#SLo^�vij\.gy�
lD0(2n( R&a+B֨N`O#�i6�EGzc|pf:��s?'نdp�$D80V�2Pa�BS몶bg`m1Jx>x#�d\4�6L XbOF��hfh:l���}ݛ�ZA_a֚�?ΆՊRRՄ�iO9&�_G5�k�^��˧6Wصm.2躢��ű=��bj[<��~�)5j1|��jj�0!B,V�ř��8j^p�V~�ɜ�V�4:E�80��e#f+�ꯧ{םT+�pwIQ)0�kM8v�9E1'^{E[=
��:�7�a/S" @548��
y� *�Ozq� �
b
(h
bAzp3
(���XR7,P��ЧGk]W9,#߭0h�h<]HzT%�'VUJj5x�]�1Gq�)4G
�)�7~��g2msg1ה���`3�|xKߙ#[WaeSƘ=H�`�#+0\ �+RU(p5K�2)N<:�`��r]TՑn
OQ��GA.C{��Mt��AkY�,
�ܠYC�aiϖ҆Z/V����A7zEnMsU-y�F�x�ٷ"�yHjZ�}��9~ܔyeb@mgE@�?몦UR]c2�YhSYpg#ؚIuu�LY�vJ�L5s?y�j�=z{⇺q3X uLzW!SB�91^%1��ɹ%w��A֮N�ZPn3i`�ez;W.�x5y3GGu�"�M."�́<08zGdDzz�T|1'y�
uWc5�G�:<*Cz)c��ʜ�e/(SYmq'&F.�,e.N3)a;/&6}j;?/��i�)ՁGEXqk\U��=,
=X畔Z=0¢lz�
z�|ћIc#&�a\ix����Z2:n3RʵRM()BE���,��:
ĕ,6�" ���l�
ezפ(ԕM��Oe%3Eq1쎸8DX=x��d6
ѣ�5Cv53}p0Nos�-4َ�Vum4MtX�"5{Hq#�$˴%I?N����0QtA�*}?*\&�Iv3ҿ��BGD�0|����^%MR#Zִ2hw
ĶVU��?%}D-ӄ>zA�r~VS�=YKrv�zJ�
�rF2�2@BZA$d1~}A&̫{;At�}:L�}:3��w%<��8Խ8cT��,Z>}8�~1���L@IP
��4 7= .&#O^E^�+�ms2�8�-�d�hao0�8�%Qw��EGJc�.[�j��܃g�,=
YE#B�uWȧ�5�fhRbA�q~H�/�6Qb5��%�,wûܹ!�Qל4�"k="S�&a�F{19²V�XȬE`&|oH:gǝU3��_f�~�Rt<~UruHעo9Kj�}J_cNf4��~ P=8Y,rh縵vq��c~:)}Cg�N9˝�~@�u(9�o�=�"HlSO+}2L:1D&rޚS�D[BqLӆ'>�fax!wmn?8B@ɠSN3U(�I[`feQnKl?c�R蔈'=Q؏
z>RB'Դ5˓4/iY(Eqjhd�ꒈ~�~ i&'ءX�ԛ�_/6'8
$O
kzisq/P{~%d�cgKe֊r� p�kP�Q,��+�b
;|E?�3J[L>Xki-�jշΫ���|@�s`#=C!D!QF}rZT�rq�=h${ݛ9��h푮c�ɹ���p
p'a�wʜW#��a,
�?�Y�.�{ �CWC1lyRѵl��d@T7�]���Z�9�X16q�w�v`#(;A�\[S2'4,`�*hM5fX%�Kot.q\�}6\)ar>cA�ɼ��}G��7o��m�\�=e>d>HАZ�=ty8#�-[ݷ�F=f/ݷ$v';Ǎ>-l-8c,\�Oh�Si٘&B�ERTUjlko$�r�YpJE_V
;hd�,�E#^�d1Ws0d&q�K�}#uoo=إ��'֛ݥ~=*A�O��O�4w4
]ekw}B%u�J+z%nwQh�r;Tʂ%%դY(IQ )"{ �G�Hڽ]
Fu�UN&6�mt_c �yi'K��x<|o
:G6�BfX E�V1a;�}k�՛�R.B)@����P`
�ƔI���ic$H)Zų4�M� ��_5�6��Z;a6�*|Zb�Zyba�$\}5 ߈;6bE�#Ɠt�M1XQ|9�L8s{C�4�l�ZSg�לoL_l�XS| � \(��.FӞ܊�|�NE�An˸��E%Ö�d�N._��2�Y�l�2d]ʩJYk(
yWw۰�L�:Sa9I}"N#.;>>C"I
�#
�q#���p-S%3г}TKjK�n#5/rc4qXP�:�1�;3v�(ž�?hsn�A�Ow,�aV*'Qm9�S��iXVkϣ~�-`>���X�?R/'vZ�z�_LĄ�,J1t'b}&o)&(]
`H�W>��Ҭpcw�5d0�RE�SgbZ=
y
N��\W&
<u更�?er��8�P�Gn�2kghLIͱ/L�x9J~أw�'ZossĖgIŰa�ҹJw?SS[ZWZN+v!oW�I]'J!�Xk��VH
�4J\nS'g<\95̳ ȝOL1Kh�xl9(25r}��ȺMph��=g$m,UV&X\�4ajJ�Z%5Zg�:/X|!��P\4-ϻgS
K>��3�wBm/4RޗJmVeX�~˙�V�B�#6\:K{th+t0^�a�HCdp_�+j`Ƀ�ҥsfV��%;܀)HW�9�s}�.]Ob��~"a�>z\|��ˬ-GI�$� �K,o�HFۖ*1�K7�1sv�S.1�qowwwwQQ�'% MUSs-P�VZ"�P..>09�}�ž�FN4.]
R��n,LW�o'}[ ��H�O�@�؈�֛�>kE2Fk,&K�P6ėw�yJGl!%b8M��p'턖||}_� c�I䴈@�aFmg�ǽ9�6?G�yCߐ^̣݉�]!"2�Gl�SRYu��Ƿ�3/Z#&����*qbD��N{
b-Sz�3<Ⱜ`* ?&%��0Ӂ4�IN��'!�=E�x/^cD8$\fa��=~aW��_-o_�YKpe�71Zm=c �ڌ $]c�j�1}i_[Ҹ=�|%=tiwj�aq�x[N�;׳�"1,D'�+
��`Q↧�$S�zK\�"=e�FOݹmJ�`&>[�B,c!"��b>�ckZ\a+/`ҥ�+`=�n�'#\�`װUhr.�Ajd��MsgRl�_�z|P�j�4"Ay�Z@U$ r�@R�H��_C�H/Cvi/C�Xą�ґҽ�=˔eǵ >70Eٛ$y79�=;XO[X�DI����B�#=i--2Eo�@ɟίU=F�I��e��]_gû^Gg˹m�kUt*W}K�\"7{Ph�7h1Woi�|Fd�k3Voz%%TsZ)a
y/Ll6f�<^�I-�ڦ/h�
P|F0
�
c��8+]3y=��Uֿ忍=+tҥoJY?A}bDB/X݊{x{$e
_Mu,B�``D�E�ȡ-�aTWg�*/N|��_F��sa�0m+`9hScW�F�%3z�J�0+~AX�^qgY1&I6Gcu\_QS[7���Z�/�[#�d! `,%o,"%xa��wq�uQ%�ϣ��m��/+iyp\K]}Fm.93�͒Eˉnt
1��ՔZr�O?�P/��.h^,aUd ޕl��W1
{BZ�ě�Tes[��ɧ��j*�.A��iT��-A8�i1�=�Hsr�3#�mz^C �GJk&t];x�Vy
�k�+mLt!_8Ow|
evo�O�%YթJ�]�lݹY?BjLi�E�8ee\)XD=2'!L\R?d_f���:�R!gI>A4�`]*5pZ%24Z^U'q{�W�hkJMLhqϮ�]:�F�[�>=лSP}ӂ"^l;Rʥz5�m��.��K���1p'a-�>"A%bo27�>�Q�&���r�|jI_o6�zKA:`J<)�
Bŋ�~� +^Q�"�#f9big� th'&vUZtRtj�T[���P]�ׯ0OyZܞ=� z{ɰ3�di
ͬ{[QZJYva|�D_x5Rh
3�} ;� �^�=jX:N__J)c#QiC�9U�I&�q{VC,*�t171Ք7�ZvN[EIkטPD�y��+p��SK�C7R�<6$Ae�ȇ5T?�0G
)Uﵺ 5��UP8AHeČ"_H~H'`��2oB`(xc��MI٫T~��Nǻ/�|�T0/b3-#C
oa�|$z34��G�e�@��6dAu*K�_�0��8 rF@Yf�_G���P5�67�E�:iu;���\:A窏��V|�wB&#x�..߆n,�/B�|= 5�aW%O⺢�
2s
1]"aK�\v�S�f+~-�q0�qa)�~;ᘭ#!+^K��Αf`�N\+
��}�h�\prVdL4"&(qTi+$<�|�tN8%"�&L��m�ah�B\E$HJ
1b���Nx
19�SӶaU �s�{S{�%��HA�W|8snj}J"�rڗz�J,B7 t�ϥT�@Q:A�U��
7�T�-G,(�!�L)%B7S�I,F/x�a 3��s��`EPf00��a
�?�ϼy7]_& �AfV'pRt=��:r�tԬ)ʞ�*|{�#�`���c
���2C´vt�\/?>&).yci�� 8�^yN4(MҐ7,X��2�e���{x�C�bRWkJ%z�u���3ʰ�LaK<�ŻAYU&׆.`+YT(�����I+1;}�^oih�� t0 �c3br�Luf�cվ]~>^t.�Ba&hL晾TQ)X7OGYF�}avʜP{:�ͅfU/yr9,4/J��M�DAwp�D(/pY
Q��JNi�21S>>Z>Z��Aw��N|vuI#:�jS#���+j�sZ;&o�j4}V0.8���SL~s4 N�n�,�)
)GmvNy�{9@NN��/?�=>��nu]_=.9_7�?t/r�n��և~Ng(�?r�s��{Csy�}xsMN9y��'EN/>AS(?)�-�sa|/r�"G~.`.rƯ�r�^~�Kx2+�C9C9��
ro�(_�s�+}'ߧ�]Cu^9u�^C9_�]_zy�9r־ą۩�aNy:J�E5rXB]7r�pմ] &J2o-cENi��kz(#s<2g!�h{dZ�+mF�D�nz��D��4k�q�>e�b�ARX1�B�8
gv�SΧ @9z�\�pm`n,0�4�O��W=M-�\ڎwڝGf{ueePkv�dm�oCdxlNaf>ţu.TVl<- �7�q3[� Ljà�s
H01&�#5�,k/�gM>w>^u�o�ҹh
/;35K쓭?M}�f`ͼTV�)pF�F�,RK|c ,{��0�"1@�ݘRzG͐u5шÅ�Mqg�0�ush�Ɛ4IjYj
~ZV-�#\!Fp=bms0&_4v�X4*�D`I9#�T�x|D��ei櫌:���9IC@b&;h8[閾h���p%E��Ч��/v̦H˘1͛YH��Mu?2�ጽND�ʑ�$`
�LB�Pkgq%=q]��XI��mH<�ZA0b{I�W3hېM�ؒET-#G6��jn�ܓID�Ocj[L,�mނz~l�41F�[(Dr(9P�dz�l1@xgL�^:%23�{6o�o\ "eBsMW!��c�JfUc5$7S.S 2bU����G${ �)V
�1>r�Q~�s�溼�t�K�4s}�&s� ��i�@v
t�R�peJIݯmL&S$}(y3 3�S�p'"��Ы2vd`cЁxN�i�1kH�m7g@oJ`Xkt(JV7B��g��3Σ�>�̆I
�ůD|݆lwn<<�T#0�?���ug+6�a`*T�-k��œj@@zĶ;�v(�SvtNu[o�,�*1 {��;Kh6d+/�{)B9�d!X3W]d��A_d|bOh�Zo.TLHd v"н��M)/o��9eoE52FXk[MA%c�7u�>Kwp�o�A�k�O�}L%
(OP"#�q}$!3F-�t$E,�Ma{m����Y{N6� )4�MϫH�ѝEXa%�9v=L뱽�$(\d�~\g;bv 7RǙ,���`+/^�;���g��H2G$!c9*3>S�2m-(EG�r�};�{�,d/+�4bѥO�v��HyUߎ�D.?L$CbiG$]'
"#_S a�oh�ly㲁%#�`�
h�9��ST:�9����Am'{'�OeK-s(ŬBSd�<�)�P㛎bQF%��qm�.�;
+C�&b:γAW �]r��1қ!]c� *|�?����Ge Lwt4?�n90�kn>q$�L�E=��3̾J��D ϱ.y6ظogo`�SDl
.7
�mˬ9s¥"UX�LNR��X,8.� k,�w);>�Ba2\�P��xky�f#%3WnJP/j|V@8̛l+�~Hϱ�I���$`�:=Vږ+yL�n2?J��@�J]�� >mE73T|
�%`GY&U`Kr�8ǩkVmxtz�����w}1u+e!)��1�:�f˟WIٶ�7G,cݰsQa[:�6
�n
ۊ
u�y˷w&{**l+�yX]@cb�,LڙFα
ya1 ���+��o=ȉ�f6�?\g0^�l,eLW��YX&�7$ɶV�/Oى�ׅѰ0$L;,lyED%e��2JAm��f�$f��E [�Rj
19,f@�xI1%h3l䣈mAb�?�åk[�)��,�#{`/�|9)�z��0�
�\\O萻kÐpaf�#3�{��;߂ �i�x�z�X��Z#`*F"�TZ*bJ�ى�[IpR!#79=Ih>e3a#7Dn0Br�d[Lڅt�vc�\j�)/cYT~1�1�<9�9�/@OI"cXM1}a`�|L2<'\��W����aep�?|Y�kh
�ʓ@:iw>J{`��h ~NT�vQ��K}X*(K��- Qwuɂ`�RYXq}"׳o�
~k Whc<�[Wy�&F�gMUjT;IxdM_p+)FҢpL\2L�J^^w�z"f/ROa6%s|N1VKi+^�ϦO*LΙ���+&|Yd�Mp�-�ϱ}R�Z`'m/Zv�OЛ-��
|
Network Security & Hardware 
