ChaCha is a new open source tool for identifying malware signatures and signatures-generated code. It is a fork of OpenSSL/NaCl.
Features:
Automatically detect the signature type for any file that has the same name as a file with the same content.
Finds only the code and not the original file name.
Finds signatures in the following directories:
/home
/var/lib/dnsmasq
/var/run
/var/cache
/var/cache/nginx
What about the “new” malware?
ChaCha is a great tool in search of malware and it works fast. The most common malware found this year are:
ClamAV
Bambu
BungeeCordre
CyanogenMod
Gnomovox
Hiren
Jugo
Kromatic
Malwarey.J
mSafari
Mydoom
Nemo
Odoom
Shadowsock
Webkit/Chrome.Bing/Chromium
It seems to be more common to encounter malware signatures that are created without proper knowledge and control. For example Webkit/Chrome and Opera are very vulnerable to ChaCha, because they’re browsers that are heavily populated with web sites from external sources.
This is also true about malicious websites that are infected through email attachments or flash content or via the embedded script in any form of media (movies, songs, …).
What was the situation on this year’s list?
Overall the detection rate in 2017 was still pretty low, at the lowest level as seen in 2015. However this year’s list has a clear pattern in some cases:
Petya
Chameleon
Ransomware
DDoS: DNS
What about 2014?
2014 saw a lot of attention on malware detection by some well known vendors and a growing number of tools.
Malware that was written in 2014:
Malware that was written in 2015:
More recently:
Why the big increase in detected malware this year?
There’s an overall big increase in detection. Most of these attacks are of a new kind, and some of them are more aggressive than others. We don’t think a recent attack, which
history of social dance ballroom two, history of social dance ballroom shoes, social dance studio near me hipnotiza, social dances and dance mixers, center for social dance schedule 2020 football season