Declan McCullagh and Anne Broache on “Will security firms detect police spyware?”
Posted July 18th, 2007 by rybolovVery interesting article on keyloggers and the AV companies.
I’m sitting here trying to think about the problem, the scenario goes something like this:
- I’m the police/$favorite_member_of_NIC and need to keylog somebody
- I need to get the keylogger to the target and their computer
- I need the anti-malware detector on the target computer to not find my product so I can both get a foothold and continue to collect evidence.
So putting on my thinking cap, this is a fairly complicated attack. Yes, malware vendors do it all the time, but they aren’t selective usually in what their target is–they’re throwing what they have at a bajillion targets and taking what sticks.
In order to do this attack right, I would need to know which type of AV/endpoint security the target uses or I need a technique that none of the vendors know about or how to detect. In order to find out the AV that the target uses, I can either break in, hire a snitch, or use a wiretap to wait for the software to phone home for a signature update. Once I know what exactly the target uses for protection, I can plan the attack.
Of course, this assumes that AV is 100% effective, which we all know isn’t true. =)
Similar Posts:
Posted in Hack the Planet, Odds-n-Sods, Technical | No Comments »