Last week, Microsoft officially unveiled Project Freta — an advanced service for identifying malware in the cloud by scanning VMs and Linux systems.
Project Freta will automate all phases of analysis of Linux virtual machines in the cloud, using forensic memory analysis techniques from NExT Security Ventures (NSV).
In a recent blog post, Microsoft researchers explain how Project Freta works. According to the company, Project Freta is a roadmap toward trusted sensing for the cloud that can allow enterprises to engage in regular, complete discovery sweeps for undetected malware.
The search for new undetectable malware is usually as complicated as it is important, because malware that has not been discovered can potentially continue to spread and act virtually unchallenged. Once detected, however, it becomes easier to mitigate the damage caused (or prevent it altogether).
In a nutshell, Project Freta allows you to carry out system memory inspections of live Linux systems in a “silent” way, with the aim of finding malware without being detected by the malware itself.
If implemented successfully, Project Freta will force attackers to re-invent malware to go undetected, which should reduce the number of viable attack methods. The tool is designed primarily for corporate use and currently supports 4,000 different versions of the Linux kernel.
Project Freta, which has been in development for almost two years now, plans to integrate new features, including the ability to migrate the RAM of virtual machines in real time to an offline environment, so that they can be analyzed further (and in a more secure way). The service, currently in the “demonstration” phase, is available here.