TrustDefender Kernel Forensics - Dealing with today's Silentbanker Trojan and stealthy MBR Virus
The Power of the TrustDefender Kernel Forensics Engine

Malware sophistication has evolved heavily over the last couple of months. This is mainly due to the reactive approach of existing security systems. Why should the fraudsters go through the hassle of developing kernel drivers if the only thing they have to do is keep changing the files a little to defeat signature-based scanners? Traditional antivirus engines only protect you against known files, and their heuristic engines are somewhat limited. Recent malware distribution methods even include on-the-fly EXE packing to always deliver new executables.

But recently, more and more rootkit techniques have been introduced, and new, sophisticated malware is using these methods to get installed silently and do its nasty work at the kernel level. Now this poses a big threat as
These developments have driven the need for a solution that can effectively protect systems against kernel-based attacks; this led to the development of the 'Kernel Forensics Mode Project' at TrustDefender laboratories in early 2007. The basic idea is that every Trojan, rootkit or even a simple change to the system will leave traces, and just as in the real world, forensic analysis is a very powerful tool for seeing what has happened. We will provide an overview of the 'Kernel Forensics' capabilities of TrustDefender in this report, together with a walkthrough of this new technology in action using two of the most recent, most horrifying pieces of malware as an example:
Full screen-recording movies are available here: http://www.trustdefender.com/movies/mbr_silentbanker/trustdefender%20-%20live%20demonstration.html