Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected.
The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits, and other stealthy malware techniques such as process hiding.
“Modern malware is complex, sophisticated, and designed with non-discoverability as a core tenet,” said Mike Walker, Microsoft’s senior director of New Security Ventures. “Project Freta intends to automate and democratise VM forensics to a point where every user and every enterprise can sweep volatile memory for unknown malware with the push of a button — no setup required.”
The objective is to infer the presence of malware from memory and, at the same time, gain the upper hand over threat actors who deploy and reuse stealthy malware on target systems; more importantly, it aims to render evasion infeasible and raise the development cost of undiscoverable cloud malware.