Why antivirus companies like mine failed to catch Flame and Stuxnet
http://cdn.arstechnica.net/wp-conten...ty-640x620.jpg Nat W
Mikko Hypponen is the Chief Research Officer of F-Secure. He has been working with computer security for over 20 years and has fought the biggest virus outbreaks in the net, including Loveletter, Blaster, Conficker and Stuxnet. His TED Talk on computer security has been seen by almost a million people and has been translated to over 35 languages.
A couple of days ago, I received an e-mail from Iran. It was sent by an analyst from the Iranian Computer Emergency Response Team, and it was informing me about a piece of malware their team had found infecting a variety of Iranian computers. This turned out to be Flame: the malware that has now been front-page news worldwide.
When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely. Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010.
What this means is that all of us had missed detecting this malware for two years, or more. That's a spectacular failure for our company, and for the antivirus industry in general.
Read more | Comments
http://feeds.feedburner.com/~ff/arst...Vo:V_sGLiPBpWU http://feeds.feedburner.com/~ff/arst...Vo:F7zBnMyn0Lo http://feeds.feedburner.com/~ff/arst...?d=qj6IDK7rITs http://feeds.feedburner.com/~ff/arst...?d=yIl2AUoC8zA
|All times are GMT -5. The time now is 12:45 PM.|
Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright ©1998 - 2014, nV News.