From: "M K" <gedropi@xxxxxxxxx>
| Exactly. Thanks.
| On 6/22/10, bart sikkes <b.sikkes@xxxxxxxxx> wrote:
>>> Thanx!
>>> I passed on your comment. Maybe what I should do next is point him to
>>> this News group.
>> and what if the malware uses the port(s) you are going to exclude?
>> especially with malware I would be careful with what you call noise,
>> that noise can be used to hide the malware.
After examining much malware, you get a feel for what is noise (background MS OS
communication) and the malware performing such tasks as: exfiltration of data,
communicating to a C2, worms trying dictionary attacks, sending SQL injection packets, etc.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp