The SANS Institute
Contact Stephen Northcutt
FOR IMMEDIATE RELEASE
December 14, 2007
Tel: (808) 823-1375
Email: stephen@sans.edu
SANS announces the dry run of our newest course, Identifying and Removing Malware. Every organization has to face the problem of finding and removing malware, and the problem has never been worse. Just this week, "in an unprecedented alert, the Director-General of MI5 sent a confidential letter to 300 chief executives and security chiefs at banks, accountants and legal firms this week warning them that they were under attack from 'Chinese state organisations.'" [1] Malware is the primary tool used in these attacks.
This course discusses the essential tools and techniques for examining a system for malware. We'll look at the graphical and command-line tools built into Microsoft Windows, and at free external tools that enable you to stop the infection and remove the malware from the system. One tool taught in the course is "HijackThis, an excellent tool to identify and remove malware from Windows computers. When used properly, HijackThis can rid a computer of malware, but in my experience, it works best in combination with other tools specifically designed to remove malware. HijackThis quickly scans and displays the various startup programs and services for a Windows system, as well as BHOs and areas of Internet Explorer typically used by malware." [2]
Hands-on workshop exercises are an essential part of this course, and you are required to bring a laptop with a virtual machine and Windows XP Professional installed. The instructor will demonstrate the skills discussed in the course, and the manual includes numerous screenshots.
Instructors and subject matter experts are needed. The author, Pedro Bueno, did an incredible job on the course, but there are always new rootkits and new tools. If you would like to be an instructor or maintainer of this course and feel you have the necessary credentials, please contact Stephen Northcutt. According to Bueno, "Malware development is one of the most exciting and rapidly changing aspects of information security. Simple downloaders, trojans, bots, spamming worms, and rootkits are becoming more and more common and are being integrated within the system, trying to make them undetectable for the longest possible time." [3]
Dry runs are scheduled to run at X and Y.
SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system, the Internet Storm Center. SANS also sponsored the creation of GIAC, a leading industry security certification. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals, from auditors and network administrators to chief information security officers, are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations, from corporations to universities, working together to help the entire information security community.
# # #
If you would like more information about this topic, to schedule an interview with Pedro Bueno or Stephen Northcutt, or, for press, to request to see the document before its release date, contact Stephen Northcutt at (808) 823-1375 or send email to stephen@sans.edu. URLs of items discussed are shown below: