Someone at the SANS security training Institute recently
posted the following in their newsletter:
"Does anyone on your staff do an excellent job of cleaning
out PCs that have been infected by spyware and other
malicious software. We are just starting development of
a new certification (and related training) for Certified
Malware Removal Experts and we are looking for a
council of 30 people who have done a lot of it to help vet
the skills an knowledge required for the certification exam
and classes. "
First off, it is often impossible to undo all the changes made
by certain malware, particularly trojans and rootkits. Since
you often do not have full information of the attack, you cannot
know which of many possible ways the system was compromised.
Often, reinstalling the program/OS is the best solution.
Although hours of painstakingly tedious analysis could address
this concern, most businesses/individuals would simply want
the problem fixed ASAP.
I recently came across a malware cleaning toolkit (yes, it is
malware free) While I would include (just a brief list) more
decompilers, Snort, and the SIS Analysis Toolkit in my
version of this disc, will I really be able to fully disinfect a
compromised system? It would be very tough [see
this article for more info]
My second concern is how this certification program will
be executed. Will it genuinely be for experts in the field,
or yet another certification anyone who knows the basics
of computing can obtain? How much networking, rootkit,
trojan, programming, etc. knowledge will be required to
be "official"? Probably not too much.