funsec mailing list archives

Researchers eye machines to tackle malware


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Mon, 12 Jun 2006 17:32:00 -0400

http://www.theregister.co.uk/2006/06/10/machines_analyse_malware/

The reverse engineer - better known amongst security researchers by
his nom de plume, Halvar Flake - created an automated system for
classifying software into groups, a process for which he believes
machines are much better suited.

Research using the system has underscored the sometimes-arbitrary
decisions humans make in classifying malicious programs, he said.
Among other anomalies, he found that Sasser.D has only a 69 per cent
correlation to previous members of the Sasser family, while two
examples of bot software, Gobot and Ghostbot, are more similar.

"It's like putting donkeys and bunnies in the same class because they
both have long ears," Dullien, the founder and CEO of
reverse-engineering tool maker Sabre Security, said in a recent
interview.

The current problems with classifying and naming viruses are among the
reasons that automated classification technology has once again become
a focus of research. The plethora of names for specific malicious
programs has caused confusion amongst consumers, despite a project
that seeks to provide guidance, if not to consumers, to software
analysts and incident responders.

In January, when a new computer virus appeared on the internet,
anti-virus companies rushed to issue alerts and inundated consumers
with a confusing array of names: Blackmal, Nyxem, MyWife, KamaSutra,
Blackworm, Tearec and Worm_Grew all describe the same mass-mailing
computer virus.


-0--------------------------------

Finally! Someone with good judgement - a machine ;-)

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

