length: 00:25:17
Lenny Zeltser's background: developer, admin, network; all three intersect in security
Then got involved in malware work because of an interest in malware analysis
Sample sharing: the AV community was a closed world; you got a sample only if you knew somebody
Nowadays closed malware sample sharing is a contradiction: anybody can gather samples
Things that changed for the better:
- Behavioral signatures
- Companies protect their servers more
Things that got worse:
- Biggest challenge: how to protect the client
- Endpoint: anything that has data; if the data is valuable, it will become a target
Problem with malware naming: high volume & cross-pollination between families
Another challenge:
- Generic malware identification
- Difficulty for forensics, which needs specific information
Most AV companies prefer to eradicate malware, so they build generic detections, but sometimes specific information is needed for legal forensic analysis.
The need for malware writers to go to prison has never been as high as it is now.
When you bring business acumen to malware, that is not good for the good guys
Social engineering: the easiest way to steal someone's identity is to ask for it (Jim Walter)
COMMON SENSE is the best AV