by varunsharma07
1513 days ago
If there was a way to know the behavior of NotPetya and realize that it has code to do things that M.E.Doc (the tax preparation program that was backdoored) was not supposed to do, that could have been used as a way to reject its installation. We are far away from being able to do such analysis at scale, but my point is that it is ultimately the behavior of software that makes it malicious or not.

If you are relying on detecting behaviour, then you have to run it.
NotPetya did nothing abnormal until it was triggered by the response to a normal network call. The first opportunity to block it would be when it was triggered.
So you could not have blocked the install by this method.
You can detect likely malicious behavior and contain those systems, which would have helped.