Oct 24, 2011
By David French, CERT Senior Researcher
Malware, which is short for “malicious software,” is a growing problem for
government and commercial organizations since it disrupts or denies
important operations, gathers private information without consent, gains
unauthorized access to system resources, and exhibits other inappropriate
behaviors. A previous blog post
described the use of “fuzzy hashing” to determine whether two files
suspected of being malware are similar, which helps analysts potentially
save time by identifying opportunities to leverage previous analysis of
malware when confronted with a new attack. This posting continues our
coverage of fuzzy hashing by discussing types of malware against which
similarity measures of any kind (including fuzzy hashing) may be
applied.
Oct 17, 2011
By Julia Allen, Principal Researcher, CERT Program
The SEI has devoted extensive time and effort to defining meaningful metrics
and measures for software quality, software security, information
security, and continuity of operations. The ability of organizations to
measure and track the impact of changes—as well as changes in trends
over time—is an important tool to effectively manage operational
resilience, which is the measure of an organization’s ability to perform
its mission in the presence of operational stress and disruption. For
any organization—whether Department of Defense (DoD), federal civilian
agencies, or industry—the ability to protect and sustain essential
assets and services is critical and can help ensure a return to normalcy
when the disruption or stress is eliminated. This blog posting
describes our research to help organizational leaders manage critical
services in the presence of disruption by presenting objectives and
strategic measures for operational resilience, as well as tools to help
them select and define those measures.
Mar 28, 2011
By David French, CERT Senior Researcher
Malware—generically defined as software designed to access a
computer system without the owner’s informed consent—is a growing
problem for government and commercial organizations. In recent years,
research into malware focused on similarity metrics to decide whether
two suspected malicious files are similar to one another. Analysts use
these metrics to determine whether a suspected malicious file bears any
resemblance to already verified malicious files. Using these metrics
allows analysts to potentially save time by identifying opportunities
to leverage previous analysis. This post will describe our efforts to
develop a technique (known as fuzzy hashing) to help analysts determine
whether two pieces of suspected malware are similar.