Whitelisting – how it protects us

13 Aug 2010

minute read

Authors

Dennis Fisher

Malware writers are inventing new attacks regularly – but the anti-virus industry invents new protection techniques just as regularly. Whitelisting is on of the newer protection technology which are now standard in Internet Security products. It sounds positive, but how does it actually work? Does it overload your computer? How can developers whitelist their programs? Will whitelisting replace other protection technologies?

Join Andrey Nikishin, Director of Cloud and Content Technology Research, Vladimir Zapolyansky, Manager of Whitlelisting and myself as we discuss how whitelisting itself works. We will also discuss how software writers can join our program and what the benefits are for them.

Authors

Dennis Fisher

Whitelisting – how it protects us

Latest Posts

Reports

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before.

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Whitelisting – how it protects us

Forecasts for 2014 – Expert Opinion

Corporate Threats in 2013 – The Expert Opinion

Top security stories of 2013 – the expert opinion

Lab Matters – The death of browser trust

Lab Matters – The threat from P2P botnets

Latest Posts

Malicious code in APKPure app

Financial Cyberthreats in 2020

APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

Doxing in the corporate sector

Reports

The leap of a Cycldek-related threat actor

APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

Lazarus targets defense industry with ThreatNeedle

Sunburst backdoor – code overlaps with Kazuar

Subscribe to our weekly e-mails