How well does the "Detekt" tool identify malware? Are there any other free options similar to this that would be worth using in an enterprise setting?
Detecting state-sponsored malware, or commercial software with the remote-control functionality pioneered by Back Orifice, DameWare and other remote administration Trojans (RATs), has been tricky for antimalware vendors. Newer state-sponsored malware works against the interests of its target but in the interests of the sponsoring state, so a vendor that adds detection for it risks landing on that state's unfriendly list. The Back Orifice RAT was less tricky to handle in its day: those using it legitimately knew how to allow the software to run, so antimalware vendors could block illegitimate Back Orifice use without much interference from state-sponsored attackers.
The free Detekt tool can be used by organizations to identify current versions of the DarkComet, FinFisher, njRAT and Gh0st RAT malware. It was developed by Claudio Guarnieri in a joint effort with Amnesty International, Digitale Gesellschaft, Privacy International and the Electronic Frontier Foundation to help human rights activists, journalists and others who might be targeted by state-sponsored attackers, or who rely on commercial antimalware tools that don't block state-sponsored malware. It is important to note, however, that Detekt does not detect all of the varieties of malware that a commercial tool does; it only helps to identify those that the commercial tools miss.
Detekt finds malware by using the YARA, Volatility and WinPmem tools together: it acquires the memory of the potential target system and scans it for indicators of surveillance malware. The logs Detekt collects can then be reviewed by an expert.
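The memory-scanning approach described above, shown as an added example that is not Detekt's code: a small Python scanner that compiles YARA-style rules (plain strings and hex patterns with `??` wildcards, plus an "N of them" condition), runs them over a memory image and emits log lines an analyst can review. The rule names, string identifiers and the memory image are constructed placeholders for illustration only; a real deployment would feed the scanner a WinPmem dump and a vetted rule set.

```python
"""Minimal YARA-style signature scanner over a memory image.

Added example in the spirit of Detekt's YARA + memory-dump approach; it is not
Detekt's code. All rules and the "memory image" below are constructed
placeholders, not real malware indicators.
"""
import re
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    strings: dict      # identifier -> pattern: "{ 4D 5A ?? 00 }" (hex) or plain text
    min_matches: int   # how many distinct identifiers must hit ("N of them")


def hex_to_regex(hex_pattern: str) -> bytes:
    """Translate a YARA-style hex string ("4D 5A ?? 00") into a bytes regex.

    Each "??" token becomes a single-byte wildcard; every other token is one
    literal byte, escaped so regex metacharacters are matched verbatim.
    """
    parts = []
    for tok in hex_pattern.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return b"".join(parts)


def compile_rule(rule: Rule) -> dict:
    """Compile every string of a rule into a bytes regex (DOTALL so '.' spans 0x0A)."""
    compiled = {}
    for ident, pat in rule.strings.items():
        if pat.startswith("{") and pat.endswith("}"):
            regex = hex_to_regex(pat[1:-1])
        else:
            regex = re.escape(pat.encode())
        compiled[ident] = re.compile(regex, re.DOTALL)
    return compiled


def scan_memory(image: bytes, rules) -> dict:
    """Return {rule_name: {identifier: [offsets]}} for rules whose condition is met."""
    hits = {}
    for rule in rules:
        per_string = {}
        for ident, rx in compile_rule(rule).items():
            offsets = [m.start() for m in rx.finditer(image)]
            if offsets:
                per_string[ident] = offsets
        # "N of them": the rule fires only if enough distinct strings matched.
        if len(per_string) >= rule.min_matches:
            hits[rule.name] = per_string
    return hits


def format_log(hits: dict) -> list:
    """Render matches as stable, greppable log lines for later expert review."""
    lines = []
    for rule, strings in sorted(hits.items()):
        for ident, offsets in sorted(strings.items()):
            for off in offsets:
                lines.append(f"MATCH rule={rule} string={ident} offset=0x{off:08x}")
    return lines


# Constructed placeholder rules (hypothetical names, no real indicators).
RULES = [
    Rule("placeholder_rat_a",
         {"$cfg": "{ 52 41 54 ?? 43 46 47 }",       # "RAT?CFG" with one wildcard byte
          "$srv": "placeholder-c2.invalid"},          # reserved .invalid TLD, never routable
         min_matches=2),
    Rule("placeholder_rat_b",
         {"$mutex": "PLACEHOLDER_MUTEX_B"},
         min_matches=1),
]

# Constructed stand-in for a memory dump: padding, a config blob, a hostname.
MEMORY_IMAGE = (
    b"\x00" * 16
    + b"RAT\x01CFG"                          # offset 16: hits $cfg via the wildcard
    + b"\x00" * 8
    + b"ping placeholder-c2.invalid\x00"    # hostname starts at offset 36
    + b"\x00" * 32
    + b"MZ" + b"\x00" * 10
)


def run_scan(image: bytes = MEMORY_IMAGE, rules=RULES) -> dict:
    """Scan the constructed image with the placeholder rules."""
    return scan_memory(image, rules)


if __name__ == "__main__":
    for line in format_log(run_scan()):
        print(line)
```

Only `placeholder_rat_a` fires on the constructed image, because both of its strings are present; `placeholder_rat_b` needs its mutex name and finds nothing. Keeping the "N of them" threshold per rule is what keeps a single common byte sequence from producing a false positive on its own, which matters when the logs are handed to a reviewer rather than acted on automatically.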
Enterprises could benefit from using similar methods to identify and analyze unknown malware. Some endpoint security tools, such as Cisco AMP or FireEye MIR Endpoint Forensics, allow this type of analysis at enterprise scale, but most standard antimalware tools do not.
Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email. (All questions are anonymous.)