News broke yesterday that three-quarters of malware samples uploaded to “no-distribute scanners” are never shared on “multiscanners” like VirusTotal, and hence remain unknown to security firms and researchers for longer periods of time. Andy Norton, Director of Threat Intelligence at Lastline, commented below.
Andy Norton, Director of Threat Intelligence at Lastline:
“A big part of using no-distribute scanning sites is so that you don’t have to share the sample with VirusTotal and other legitimate scanning portals. The no-distribute site allows the malware author to see the current level of detection for their malware in the Anti-Virus community; they can alter the malware until they build a variant that is FuD (Fully UnDetectable). This FuD then becomes the template for all new hashes and they then can create infinite amounts of new hashes of the same file to distribute in email campaigns to potential victims. 65% of the resulting file hashes that are used in malware campaigns spawned from the original FuD are only ever seen by one target victim. Whilst you can always alter the hash, code or structure of a piece of malware, you cannot alter its motive, to behave in a malicious way. Security firms and researchers are having to increasingly turn to behavioural analysis as the last line of defense against these hash swarms.”