Slow spreading exploit immune to anti-malware applications
Jan 25th, 2008 by Jesper Kråkhede
There is a rather mean and hard-to-detect infection spreading on different Linux servers. Finjan has issued a press release regarding this issue. One thing it states is that the infection constantly renames and changes itself to avoid detection by anti-malware applications. It has been known for quite some time that the easiest way to create an undetectable trojan is to compile it with a new compiler. This is the first time I have read about an automated version of this.
There is still a big discussion regarding how the infection spreads, and I will keep a close eye on this. One important tool for security architecture is the patch management process, but how do you handle patch management when there are no patches to secure your system?