Malware Writers’ Fingerprints Can Help Build Defenses Against Their Programs
According to security researcher Greg Hoglund of HBGary, a security company, malware writers litter their programs with fingerprints while developing them, and those fingerprints can help security professionals detect the perpetrators as well as stop them. DarkReading published this on July 29, 2010. Hoglund made his statement at the Black Hat Briefings security conference in Las Vegas (US) on July 28, 2010.
In a lecture on malware attribution, the researcher highlighted various techniques for identifying a piece of malware's source and, from that, devising ways of safeguarding against it.
Hoglund said the tools that malware authors used left their fingerprints on the software they created. Similarly, the pattern in which the code was written and the parameters selected could be detected in the malware. Such evidence could help security specialists figure out whether a fresh assault was a modification of an earlier attack, or whether a development kit had been used to create it.
The researcher said that while law enforcement officials might not find such information sufficient for tracing the origin, i.e. the author of the malware, understanding the similarities in malware development patterns could aid in setting up appropriate defenses.
He added that he could determine without difficulty whether someone had created a piece of malware and subsequently developed a slightly modified version in the hope of getting it widely disseminated. Occasionally, cyber-crooks could camouflage their presence by executing an attack from a foreign country. If the military or law enforcement attempted to retaliate, they would need to ensure that the right person was being pursued. VentureBeat published this on July 28, 2010.
Meanwhile, commenting on Hoglund's analysis, other security specialists stated that as offensive cyber-war capabilities developed worldwide and the U.S. military raised its offensive and defensive cyber-command, the attribution of cyber assaults became increasingly important. Specifically, it was essential to be able to locate an attacker in order to respond to or deter a traditional type of military assault.
The specialists added that developing successful attribution methods was a necessary element of a country's security in cyberspace.
» SPAMfighter News - 10-08-2010