A honeytrap for malware
Quote:

I haven’t seen the sixth Mission Impossible movie, and I don’t think I will. I sat through the fifth — in a suitably zombified state, returning home on a long-haul flight after a tough week’s business — but only because one scene in it was shot in our shiny new modern London office. And that was one Mission Impossible installment too many, really. Nope — not for me. Slap, bang, smash, crash, pow, wow. Oof. Nah, I prefer something a little more challenging, thought-provoking and just plain interesting. After all, I have precious little time as it is!

I really am giving Tom Cruise and Co. a major dissing here, aren’t I? But hold on. I have to give them their due for at least one scene done really rather well (i.e., thought-provoking and plain interesting!). It’s the one where the good guys need to get a bad guy to rat on his bad-guy colleagues, or something like that. So they set up a fake environment in a “hospital” with “CNN” on the “TV” broadcasting a news report about atomic Armageddon. Suitably satisfied his apocalyptic manifesto has been broadcast to the world, the baddie gives up his pals (or was it a login code?) in the deal arranged with his interrogators. Oops. Here’s the clip.

Why do I like this scene so much? Because, actually, it demonstrates really well one of the methods of detecting … previously unseen cyberthreats! There are in fact many such methods — they vary depending on area of application, effectiveness, resource use, and other parameters (I write about them regularly here). But one always seems to stand out: emulation (about which I’ve also written plenty here before).

As in the MI movie, an emulator launches the object being investigated in an isolated, artificial environment, which encourages it to reveal its maliciousness.