16 Jun 2005
Windows system programs that are named like spyware?

The day before yesterday, at the BARF (Bay Area Regional Forum of incident response and security teams) monthly dinner, we casually discussed names of Microsoft Windows program files which look like some virus or spyware.
Whenever I get suspicious that something like a virus is running on my Windows (BTW I don't run Windows often), I press Control+Alt+Del to get a list of system processes. The names of the processes look so PHr33KEd and 133ty that I get paranoid (does ALG.exe sound like an AliGator virus?) and search the net for that name.
Note that a perfectly legitimate-sounding name could still be a trojan or spyware.
Thanks to Casper, in the Solaris world we have such a wonderful database of binary fingerprints. It doesn't look like Microsoft has anything similar to it.
A file integrity checker is a good solution; Solaris now has BART, which can do file integrity checks.