Research projects
It’s been a while since I last posted. So here is what’s been keeping us busy at Paretologic:
- we’ve been working on live CDs as a way to eradicate rootkits. Well, the task is actually harder than it looks. There are many distros available that we are trying to customize to our needs.
- our ongoing heuristic research is showing some good results. We are developing technology capable of detecting malware without signatures. For example, brand new threats that no vendor has had a chance to analyze can be proactively detected based on many static attributes. This is a more sophisticated approach than MD5 matching, but it is obviously harder to deploy.
- we have our own sandbox, which we call “logmachine”. Several improvements were made to it. It has in fact become a good resource for collecting more malware samples.
All in all, I’ve been really busy with all that stuff, which kept me from reading my regular blogs or posting on this blog for that matter.
I also have a couple of security books on my bedside table that I’ve been reading late at night. I have a particular interest in honeypots, so this book is a good read: Virtual Honeypots: From Botnet Tracking to Intrusion Detection.
Jerome