Researchers Uncover 163 New Advanced Evasion Techniques

Tuesday, October 11, 2011



Researchers from security provider Stonesoft have uncovered 163 new Advanced Evasion Techniques (AET) spanning a variety of protocols including IPv4, IPv6, TCP and HTTP, according to an article by HelpNet Security.

AETs, first identified over a year ago, are a variety of malware delivery methods that employ multiple techniques to evade intrusion detection, firewalls, and antivirus protection in order to infect systems that otherwise have ample security mechanisms in place.

The latest batch of AETs identified by Stonesoft are capable of circumventing the intrusion detection systems (IDS) that are currently available, and the company warns that the growing number of evasion combinations is leaving network security vendors either scrambling for solutions or simply ignoring the threat altogether.

“Network security vendors have now had more than a year to provide their customers protection against AETs, but unfortunately we still have not seen much success in this area. Very few vendors have truly understood the magnitude of the problem, while some are struggling to provide some kind of protection. Most of the vendors who acknowledge the problem are incapable of building a working solution - instead, they are keeping themselves busy doing temporary and inflexible fixes. The rest just ignore the issue and do nothing,” said Ilkka Hiidenheimo, founder and CEO of Stonesoft.

In the following video interview taped at the recent Black Hat Conference in Las Vegas, Mark Boltz of Stonesoft discusses his work investigating Advanced Evasion Techniques with Infosec Island's Anthony M. Freed:

