It started three weeks ago when my application firewall sent out an alert about active malware known as the Angler exploit kit on one of my company’s computers. This came as a surprise, because my top-tier desktop antivirus software did not detect the malware, nor did my well-known, network-based malware detection product.
After some investigation, I found out why my desktop and network antivirus products were essentially blind to this version of Angler. The Angler exploit kit has been around for a couple of years in various forms, and until now it didn’t stand out as a particularly unusual threat. But it turns out that the newest version has some new and improved techniques to avoid detection, such as encryption and the exploitation of zero-day vulnerabilities that mainstream antivirus products haven’t yet been updated to detect. It also runs only in the memory of the infected computer, instead of installing itself on the hard drive, which is where desktop antivirus products tend to focus their attention. This is the startling part — that the bad guys have found a way to effectively stay invisible.