trustdefender kernel forensics - dealing with today's silentbanker trojan and stealthy MBR virus - final.pdf (1.07 MB)
The Power of the TrustDefender Kernel Forensics Engine
Malware sophistication has evolved heavily over the last few months. This is mainly due to the reactive approach of existing security systems.
After all, why should fraudsters and online criminals go through the hassle of developing kernel drivers if the only thing they have to do is keep changing their files a little to defeat signature-based scanners?
Traditional antivirus engines only protect you against known files, and their heuristic engines are somewhat limited. Recent malware distribution methods even include on-the-fly .EXE packing so that every download delivers a new, previously unseen executable.
However, more and more rootkit techniques have recently been introduced, and new, sophisticated malware is using these methods to install silently and do its nasty work at the kernel level. This poses a big threat, as:
- it is very hard to detect these threats in the first place, and
- it is much, much harder to remove them (as we will see later).
There is even quite a big philosophical discussion on whether sophisticated rootkits are detectable at all!
These developments have driven the need for a solution that can effectively protect systems against kernel-based attacks, and this led to the development of the ‘Kernel Forensics Mode Project’ at TrustDefender Labs in early 2007.
The basic idea is that every Trojan, rootkit or even a simple change to the system leaves traces and, just as in the real world, forensic analysis is a very powerful tool for seeing what has happened.
In this report we provide an overview of the ‘Kernel Forensics' capabilities of TrustDefender, together with a walkthrough of this new technology in action, using two of the most recent and most alarming pieces of malware as examples:
We will demonstrate in detail how the Consumer Edition of TrustDefender protects your identity against these two threats. We will also showcase an Enterprise Edition integration of TrustDefender with a fictional online bank, “myBank”. This will let you experience the ‘look and feel’ your financial institution would offer if it implemented the TrustDefender solution.
Full screen-capture movies are available to view here: http://www.trustdefender.com/movies/mbr_silentbanker/trustdefender%20-%20live%20demonstration.html