Release Note – Upgraded Malware Detection System

As Truman Fisher, the famous American composer, said: “The pause is as important as the note.” So we paused at the end of the year and took a little break.

But we didn’t stop thinking about how to make the Internet a safer place next year. We came back from the Christmas holiday fully charged, motivated, and with many new ideas that can make web hosting providers’ lives easier and their servers even more secure. We got straight to work and have again introduced some cool new features! Let’s see what we have for you this time!

The Malware Detection System

We have a unique malware detection technique: Source Code Structure Analysis. We wrote about it in detail last year, when we introduced it to the shared hosting industry for the first time. In short: it creates a special structure-based signature from the source code and then does the matching on the structure. This way, no matter how hackers alter the source, the structure will be the same.

The Creation of Validating Signatures

BitNinja has several modules that can discover possible vulnerabilities and generate validating signatures. Before this, when a bot with a greylisted IP address tried to upload a file to the Web Captcha, we simply refused it. From now on, we accept it and check what was uploaded. If it’s a PHP file, we create a validating signature because it can be a backdoor or malware.

We did the same with the FTP Captcha module. Previously, if the connecting IP was greylisted, the module simulated the FTP connection and didn’t allow any real FTP operations for the malicious IP. Now it allows the connection and creates a validating signature from the uploaded file.

The third module for this purpose is the Defense Robot. It traces the origin of the malware back to the vulnerability that allowed the hacker to upload the very first malware, and then creates a validating malware signature from it.

And there’s the pro way: using bitninjacli to upload files and mark them as possible malware.

The validating signatures are distributed to all your servers, but they are in log-only mode. You can find them (log only) in the anti-malware section, on the infected files tab.

Why Do We Need Validating Signatures?

Validating signatures are used to test new signatures and avoid false positives. Let me give you an example.

The Defense Robot module is dedicated to automatically investigating the root cause of a new malware hit. So when the anti-malware module finds and quarantines a piece of malware, the Defense Robot module starts looking for correlations in your log files. It tries to correlate HTTP, FTP, and control panel log files to find the entry point of the malware. When it finds the entry point, it automatically creates a validating signature from the file.

But what if the attacker has uploaded the backdoor via the WordPress plugin manager? The Defense Robot will create the signature from the wp-plugin.php file. If that were a production signature from the start, it would delete all the WordPress sites from your server.
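The structure matching described under “The Malware Detection System” and the log-only behaviour of validating signatures can be shown together in a short Python sketch. This is an added example, not BitNinja's code: the simplified tokenizer, the `structure_signature` and `scan` functions, the sample sources and the site paths are all assumptions constructed for illustration.

```python
import hashlib
import re

# Simplified PHP lexer (an assumption, not BitNinja's algorithm): comments and
# whitespace are skipped; variables, strings and numbers become placeholders.
TOKEN_RE = re.compile(r"""
    (?P<skip>//[^\n]*|\#[^\n]*|/\*.*?\*/|\s+|<\?php|\?>)
  | (?P<VAR>\$[A-Za-z_]\w*)
  | (?P<STR>'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")
  | (?P<NUM>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_]\w*)
  | (?P<punct>.)
""", re.VERBOSE | re.DOTALL)


def structure_signature(source: str) -> str:
    """Hash the token shape, so renames and changed literals do not matter."""
    shape = []
    for m in TOKEN_RE.finditer(source):
        kind = m.lastgroup
        if kind == "skip":
            continue
        shape.append(kind if kind in ("VAR", "STR", "NUM") else m.group().lower())
    return hashlib.sha256(" ".join(shape).encode()).hexdigest()


def scan(files: dict, signatures: dict) -> dict:
    """signatures maps a hash to 'validating' (log only) or 'production'."""
    result = {"logged": [], "quarantined": []}
    for path, source in sorted(files.items()):
        mode = signatures.get(structure_signature(source))
        if mode == "validating":
            result["logged"].append(path)
        elif mode == "production":
            result["quarantined"].append(path)
    return result


# Constructed samples: one uploader in two disguises, and a stock CMS file.
UPLOADER_A = "<?php $f = $_FILES['u']; move_uploaded_file($f['tmp_name'], 'a.php'); ?>"
UPLOADER_B = '<?php // v2\n$zz=$_FILES["file"];\nmove_uploaded_file( $zz["tmp_name"], "/tmp/x.php" );'
STOCK = "<?php function list_plugins($dir) { return scandir($dir); }"

FILES = {"site1/wp-plugin.php": STOCK, "site2/wp-plugin.php": STOCK,
         "site3/upload/up.php": UPLOADER_B}
SIGNATURES = {structure_signature(UPLOADER_A): "production",
              structure_signature(STOCK): "validating"}

if __name__ == "__main__":
    print(scan(FILES, SIGNATURES))
```

Both uploader variants share one signature, so the production entry catches the disguised copy. The signature taken from the stock file only logs its hits on two separate sites, which is the evidence a reviewer needs to reject it before it reaches production.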

The New Way of Malware Signature Validation

Up until now, you had to use bitninjacli for validation and to create production signatures. That’s the past!

From now on, you will easily be able to check suspicious signatures on your servers. On the Malware Overview screen, you can find the “Validate suspicious signatures” button. We also show the presence and number of these suspicious items here.

Click on the button, and you can start the validation process, which closely resembles a well-known online dating service. It shows the source of the signature with syntax highlighting, and you can decide whether it’s malware, not malware, or that you are not sure about it. Publish malware and quarantine the files in one step!

And don’t forget: when you are using it, you are also contributing to the protection of the other BitNinja users. Thanks to the power of the Community, the system can raise the number of production signatures exponentially.

This new way of signature creation and validation had awesome results in the first week. The number of validating signatures was 8 times higher than before, and we tripled the number of production signatures.

After the user-level verification, an AI-based machine learning system alongside pro malware analysts elevates the signatures to a global level.

Make a Wish

Your experiences and recommendations are our most valuable assets. It has always been important for us to give you the opportunity to share your ideas and opinions about our features. Now it has become simpler than ever. If you click on the magic wand in the bottom-right corner, you can book a chat, suggest a feature, or vote for one.

Cybersecurity is not optional anymore. It is a must! If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card needed!

We are always happy to help you! If you have any questions, check out our Knowledgebase, feel free to ask at info@bitninja.io, or you can even reach us on the Dashboard chat!

Let’s make the internet a safer place together!