TrustDefender Kernel Forensics - Dealing with today's Silentbanker Trojan and stealthy MBR Virus
Download: trustdefender kernel forensics - dealing with todays silentbanker trojan and stealthy mbr virus - final.pdf (1.07 MB)

The Power of the TrustDefender Kernel Forensics Engine

Malware sophistication has evolved heavily over the last couple of months. This is mainly due to the reactive approach of existing security systems. Why should fraudsters go through the hassle of developing kernel drivers if all they have to do is keep changing their files a little to defeat signature-based scanners? Traditional antivirus engines only protect you against known files, and their heuristic engines are somewhat limited. Recent malware distribution methods even include on-the-fly EXE packing so that every download delivers a new, never-seen executable.

But recently, more and more rootkit techniques have been introduced, and new, sophisticated malware is using these methods to get installed silently and do its nasty work at the kernel level. This poses a big threat because
  • it is very hard to detect these threats in the first place, and
  • it is much, much harder to remove them (as we will see later).
There is even quite a big philosophical discussion about whether sophisticated rootkits are detectable at all!

These developments have driven the need for a solution that can effectively protect systems against kernel-based attacks; this led to the development of the ‘Kernel Forensics Mode Project’ at TrustDefender laboratories in early 2007. The basic idea is that every Trojan, rootkit, or even a simple change to the system leaves traces, and, just like in the real world, forensic analysis is a very powerful tool for seeing what has happened.

In this report we provide an overview of the ‘Kernel Forensics’ capabilities of TrustDefender, together with a walkthrough of this new technology in action using two of the most recent, most horrifying pieces of malware as examples: the Silentbanker Trojan and the stealthy MBR virus.
We will demonstrate in detail how the Consumer Edition of TrustDefender protects your identity against these two threats. We will also showcase an Enterprise Edition integration of TrustDefender with a fictional online bank, “myBank”. This will let you experience the ‘look and feel’ your financial institution would offer if it implemented the TrustDefender solution.

Full screen-recording movies are available here: http://www.trustdefender.com/movies/mbr_silentbanker/trustdefender%20-%20live%20demonstration.html