Saturday, February 10, 2007
A New Approach to Mutating Malware
"CBC is reporting that researchers at the Penn State University have discovered a new method of fighting malware that better responds to mutations. From the article: 'The new system identifies a host computer with a high rate of homogeneous connection requests, and blocks the offending computer so no worm-infected packets of data can be sent from it.' This is a change from previous methods, which compared suspected viruses against known signatures. Mutations in malware took advantage of the time-delay between the initial infection and the time taken by the anti-virus system to update its known signatures. This new system claims to be able to recognize new infections nearly instantly, and to cancel the quarantine in case of false alarm."