Closed
Bug 908712
Opened 11 years ago
Closed 2 years ago
Identify likely malware DLLs through statistical analysis
Categories
(Webtools Graveyard :: Dragnet, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: brandon, Unassigned)
One of the problems that we have with malware is that it offers sufficiently random names that we can't say "X file is malware, remove it." However, assuming that the files are identical (just that the names are different), the debug ID and MD5 hash should also be identical across multiple, differently named files. It should therefore be possible, with these two bits of data, to identify likely malware components by counting how many differently named files have the same MD5. We can come up with a threshold, and tag likely malware as such. We can then use this information in a variety of good ways, like in FHR and the Magic 8 Ball.
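The counting approach described in the report, as an added example (not code from the bug or from Dragnet). The record layout, the sample values and the default threshold of 3 are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (filename, debug_id, md5) tuples standing in for module
# lists gathered from reports. Every value here is made up for illustration.
SAMPLE_MODULES = [
    ("kernel32.dll",   "DBG-AAAA", "md5-1111"),
    ("KERNEL32.DLL",   "DBG-AAAA", "md5-1111"),  # same name, different case
    ("kernel32.dll",   "DBG-AAAA", "md5-1111"),
    ("qxvbtr.dll",     "DBG-BBBB", "md5-2222"),  # one binary, many random names
    ("lpwzka.dll",     "DBG-BBBB", "md5-2222"),
    ("mmeoru.dll",     "DBG-BBBB", "md5-2222"),
    ("zzhtqp.dll",     "DBG-BBBB", "md5-2222"),
    ("helper.dll",     "DBG-CCCC", "md5-3333"),  # benign rename, only two names
    ("helper_x86.dll", "DBG-CCCC", "md5-3333"),
    ("nohash.dll",     "DBG-DDDD", ""),          # no MD5 recorded: cannot group
]


def name_counts(modules):
    """Map (debug_id, md5) -> set of distinct file names seen for that binary."""
    names = defaultdict(set)
    for filename, debug_id, md5 in modules:
        if not md5:
            continue  # nothing to group on
        # Windows file names are case-insensitive, so fold case before
        # counting; otherwise KERNEL32.DLL would count as a second name.
        names[(debug_id, md5.lower())].add(filename.lower())
    return names


def likely_malware(modules, threshold=3):
    """Return (debug_id, md5, n_names) for binaries seen under at least
    `threshold` distinct names, most-renamed first."""
    hits = [
        (debug_id, md5, len(names))
        for (debug_id, md5), names in name_counts(modules).items()
        if len(names) >= threshold
    ]
    return sorted(hits, key=lambda h: (-h[2], h[1]))


if __name__ == "__main__":
    for debug_id, md5, n in likely_malware(SAMPLE_MODULES):
        print(f"{md5} (debug id {debug_id}): {n} distinct names")
```

Lowering the threshold to 2 also tags the `helper.dll` pair, which is why the cut-off has to be tuned against known-good binaries that legitimately ship under more than one name.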
Updated•8 years ago
Product: Webtools → Webtools Graveyard
Comment 1•2 years ago
This bug lies at rest in the graveyard.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INCOMPLETE