Eric H. Johnson on 5 Oct 2012 13:19:25 -0700
Re: [PLUG] Detecting SQL injection viruses
Doug,

We have been using Malwarebytes to get rid of it, but that is after the fact. I was hoping for something that would intercept it before the machine gets infected. What I recall reading about this is that they work by downloading an encrypted payload with a random key, which defeats pattern matching. The key is relatively short, so it has to guess keys until it gets it, at which point it can then infect the machine. This isn't anywhere near my area of expertise, so I may well be way off base.

Regards,
Eric

> I have a client that is having a problem filtering out what I think
> from reading on the Internet are encrypted SQL injection viruses,
> which seems to defeat the pattern matching used by Symantec, McAfee, and similar AV tools.
>
> Um... "encrypted SQL injection virus"? What's that? :-)
> What it sounds like you're describing is standard malware. Products like Malware Bytes and Spybot Search and Destroy would be a good start.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
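
The behaviour recalled in the message above, a payload encrypted under a short random key slipping past plain pattern matching, can be shown from the scanner's side. This is an added example and not part of the original thread: it assumes a single-byte XOR key (the thread names no cipher) and uses a constructed marker string in place of a real signature.

```python
import os

# Constructed stand-in for the byte pattern an AV signature would match on.
SIGNATURE = b"CONSTRUCTED-MALWARE-MARKER"

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a 1-byte key (assumed cipher; the thread names none)."""
    return bytes(b ^ key for b in data)

def make_sample(key: int) -> bytes:
    """Build a constructed payload that embeds SIGNATURE, then encode it."""
    plain = b"\x00\x01stub-header" + SIGNATURE + b"stub-trailer\xff"
    return xor_bytes(plain, key)

def naive_scan(blob: bytes) -> bool:
    """Plain pattern matching: sees the signature only if it is in the clear."""
    return SIGNATURE in blob

def xray_scan(blob: bytes):
    """Search the whole short key space on the scanner side.

    Returns the key that exposes SIGNATURE (0 means it was in the clear),
    or None if no key does. A 1-byte key gives only 256 candidates, so a
    key short enough for the loader to guess is short enough for the
    scanner to guess too.
    """
    for key in range(256):
        if SIGNATURE in xor_bytes(blob, key):
            return key
    return None

def demo():
    """Encode under a random non-zero key and compare both scanners."""
    key = os.urandom(1)[0] or 1  # avoid key 0, which leaves the data unchanged
    blob = make_sample(key)
    return key, naive_scan(blob), xray_scan(blob)

if __name__ == "__main__":
    key, naive_hit, recovered = demo()
    print(f"random key      : {key:#04x}")
    print(f"naive match     : {naive_hit}")
    print(f"x-ray recovered : {recovered:#04x}")
```

The cost of the key search grows as 256 to the power of the key length in bytes, which is why this only works against short keys.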