Microsoft engineers have created, like they mention the world's first platform designed specifically to stop exploit kit.
Το εργαλείο ονομάζεται “Kizzle” και είναι ένα γρήγορο signature compiler που έχει σαν στόχο τον εντοπισμό της κοινής πρακτικής επαναχρησιμοποίησης κώδικα από τους developers του κακόβουλο software, to detect disguised signatures weeks before they are detected by current anti-virus techniques.
For those who don't know, exploit kits are an attempt to package several techniques attackand tools, in one multi-tool.
Researchers Stock, Livshits, and Zorn from the University of Erlangen in Nuremberg and Microsoft technicians have released the Kizzle study: A Signature Compiler for Exploit KitsPDF) indicating that the Kits bundles seemed outrageously different until they were decompressed.
“The approach taken by the Kizzle tool is based on our observation that while exploit kits change the malicious software which often contain, kit authors generally reuse much of the code from version to version.
“Ironically, this is a practice technology software that allows us to develop a scalable and accurate detector that is able to quickly respond to the superficial but frequent changes of exploit kits. "
False positive notifications are less than a 0.03%, so we are talking about a huge improvement compared to today's commercial anti-virus.
New technology from Microsoft marks a new era in online security, at least until malicious developers have updated their techniques.
Whatever the researchers' efforts are, however, very worthwhile for today's online community, which is also being attacked by canned threats.