iTWire - User Education is the key to stopping the bad guys

A recent advisory from the combined "Five Eyes" security agencies shows that the attitudes of security authorities toward various forms of malware are changing. The Alert, titled "Technical Approaches to Uncovering and Remediating Malicious Activity", is a combined work from the security agencies of Australia, Canada, New Zealand, the UK and the USA and is broadly in two sections.

 

Detection

The first part addresses a variety of methods to detect the artifacts of intrusion without alerting the intruder to the fact that they've been discovered.

The Alert has a relatively typical list of places to look and iTWire has no issue with the broad scope of this list.

  • Running Processes
  • Running Services
  • Parent-Child Process Trees
  • Integrity Hash of Background Executables
  • Installed Applications.