Malware 'Cocktails' Raise Attack Risk

Discussion in 'other security issues & news' started by itman, Mar 14, 2018.

  1. itman

    I have been waiting for an article to reinforce what I am now posting. Below is such an article.

    Microsoft recently gained a "lot of free press" coverage in their recent article publication on how cloud-based Windows ATP scanning was able to detect a recent Dofoil campaign attack via behavior detection. What tipped me off that "all is not as it appears" in this detection was a comment made in a bleepingcomputer.com article on the Microsoft-published article:
    https://www.bleepingcomputer.com/ne...at-tried-to-infect-400-000-users-in-12-hours/

    For reference, Microsoft states in their article that cloud Windows Defender ATP servers detected the attack at noon on Mar. 6. Also stated in the article was that over half the AV vendors at VirusTotal were also detecting the malware at that time; a clear indication this was not 0-day malware. Next, I went to VT myself and checked other vendors' detection of the malware strain MS detected. ESET, for example, had a signature for this specific malware strain, Win32/Kryptik.GDYD, and it was developed on Mar. 5, one day prior to Microsoft's cloud detection of it. Proof that your best protection against the vast majority of malware is to use an AV product with excellent "generic" signature detection.

    https://www.darkreading.com/endpoint/privacy/malware-cocktails-raise-attack-risk/d/d-id/1331256
     
    Last edited: Mar 14, 2018