11 Jul 07
The perfect attack against your security?
Posted by Munir Kotadia @ 18:05 7 comments
A socially engineered e-mail, which contains a Trojan file that exploits a zero-day vulnerability and then hides behind a rootkit, might be the perfect attack and impossible to defend against.
Patrick Runald, senior security specialist at Finnish antivirus firm F-Secure, told me last week that some users are obliged to open certain documents as part of their job -- so no amount of education can stop such an attack.
For example, if an HR director receives a CV, what is he supposed to do?
"Even if you know a lot about computers and you know you shouldn't open all attachments, if you receive a document file and it looks valid, it contains something about your work, you are obliged to open it.
"And then it contains a zero-day exploit and will install a Trojan onto your system, typically hidden by a rootkit, which makes it very difficult to detect with an antivirus program," Runald told me in a video interview last week.
When asked how companies can defend against social engineering, he said it was a "difficult" problem.
"You have to install patches -- that is what you have to do," added Runald.
Another problem here is that simply by writing this, am I helping the bad guys or the rest of us -- so we know what we are facing?
This is really scary -- suggestions anyone?





This has been discussed before at http://www.antirootkit.com/blog/2006/11/30/rootkits-in-corporate-espionage/
One of these days something big will happen to someone big because of rootkits,
regards
John