Microsoft Research recently announced Project Freta, a cloud-based malware detection service. It analyzes memory snapshots of Linux virtual machines to find rootkits, cryptominers and other malware that, for a variety of reasons, goes undetected by sensors running inside the guest.
In the announcement post, Mike Walker, Senior Director of New Security Ventures at Microsoft, described the project as a roadmap toward trusted detection for the cloud: one that catches ordinary malware and also sweeps out most of the malware that currently escapes notice.
Conventional malware detection depends on a sensor running inside the system: an agent observes what the system is doing, and if something looks suspicious it flags and removes it. Malware authors, however, now build their code specifically to spot and evade such sensors, so new and more effective approaches are needed.
Because a sensor's training data comes from the attacks it has already caught, it is biased toward what it sees and blind to what it misses. Project Freta tries to invert that bias by building its dataset from the other side.
If the service can inspect the volatile-memory image of every virtual machine across a very large fleet, the resulting dataset captures how different malware actually behaves in many different environments, not just the cases an in-guest sensor happened to notice.
Project Freta deliberately does not focus on low-resource attacks, which most existing sensors already catch. Its target is malware from well-resourced attackers, which it hunts for by analyzing memory snapshots of Linux cloud virtual machines. At launch it supported around 4,000 Linux kernel versions. The kernel is the part of the operating system that schedules processes, drives hardware such as disks, and handles interrupts, which is also where a kernel rootkit hides.
The post also notes that the project was designed with this survivorship bias in mind: Freta is meant to catch malware that evades in-guest sensors, especially malware built for cloud environments.
The project is built around four properties. The goal is an environment in which no program can:
- Detect the presence of a security sensor before installing itself.
- Remain outside the sensor's view while the system is being observed.
- Erase or modify itself when it detects a sensor's presence on the device or in the cloud.
- Sabotage the sensor when it cannot otherwise avoid detection.
By taking these four options away from malware, the project aims to reliably spot and remove it from cloud workloads and so protect the data they hold.
One of the project's stated aims is to make it so complicated and expensive for malware authors to build an undetectable strain that attacking cloud infrastructure this way becomes economically unfeasible.
Walker also added that if a commercial cloud could guarantee the capture of any malware, however exotic, attackers would have to spend far more to build new malware, or re-engineer existing malware, for every attempt against that cloud. That is the future Microsoft says it is working toward.
What Are The Key Benefits Of Using Microsoft Freta?
- It detects kernel rootkits, process hiding, and other intrusions by suspicious programs.
- It is easy to use: submit a captured memory image and a report is generated.
- Because it inspects a captured memory image rather than running an agent inside the VM, there is no in-guest sensor for malware to detect, hide from, or tamper with.
- It is designed for incident-response-style discovery tasks that run directly on the cloud fabric.
First Look: Project Freta, a New Malware Detection Project
After reading this far you may want to try it. Getting started is straightforward, and you can analyze your own Linux virtual machine images for rootkits and other malware.
To start, visit https://freta.azurewebsites.net and sign in with your Microsoft account.
The dashboard shows sample virtual machine memory snapshots, each with a detailed analysis report.
The reports cover kernel calls, open files, processes with a debugger attached and, most importantly, any rootkits found.
Reports can also be exported as JSON for import into your own tooling. To analyze your own cloud workloads, upload your own Linux VM memory images.
The dashboard accepts VM memory images in the following formats:
- Physical memory (.core)
- Hyper-V Memory Snapshot (.vmrs)
- LiME image (.lime)
- Raw Physical Memory Dump (.raw)
Once an image is submitted, Project Freta analyzes it and reports any rootkits it discovers.
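As an added example (not Microsoft's or Project Freta's code), the following Python script performs the pre-upload sanity checks a practitioner would want before pushing a batch of captures at the service: it identifies which of the four accepted formats a file is from its leading bytes and, for LiME captures, walks every segment header to confirm the image is complete rather than truncated. It relies on the documented LiME header layout (32 bytes: uint32 magic 0x4C694D45, uint32 version, uint64 start, uint64 end inclusive, 8 reserved bytes, followed by the segment's memory) and on the ELF header (e_type at offset 16, ET_CORE = 4). The manifest layout, the function names and the extension-only recognition of Hyper-V .vmrs files are assumptions of this example; the sample images in the test are constructed, not real captures.

```python
"""Pre-flight checks for memory images before uploading them to Project Freta.

Added example, not Project Freta's own code. Only the LiME and ELF header
layouts are taken from their public specifications; everything else here
(manifest shape, names, the .vmrs extension check) is an assumption.
"""
import io
import struct
from pathlib import Path

LIME_MAGIC = 0x4C694D45                 # the bytes "EMiL" read as a little-endian uint32
LIME_HEADER = struct.Struct("<IIQQ8s")  # magic, version, s_addr, e_addr, reserved (32 bytes)
ELF_MAGIC = b"\x7fELF"
ET_CORE = 4


def sniff_format(head: bytes, name: str = "") -> str:
    """Classify an image's leading bytes as one of the upload formats.

    Returns "lime", "core", "vmrs" or "raw". A Hyper-V .vmrs file is only
    recognised by its extension here (assumption: no magic check for it).
    """
    if len(head) >= 4 and struct.unpack("<I", head[:4])[0] == LIME_MAGIC:
        return "lime"
    if head[:4] == ELF_MAGIC and len(head) >= 18:
        # EI_DATA (byte 5) says whether the header fields are little- (1) or big-endian (2)
        endian = "<" if head[5] == 1 else ">"
        (e_type,) = struct.unpack(endian + "H", head[16:18])
        if e_type == ET_CORE:
            return "core"
    if name.lower().endswith(".vmrs"):
        return "vmrs"
    return "raw"


def lime_segments(fh) -> list:
    """Walk a LiME image and return its (start, end) physical ranges.

    Only the 32-byte headers are read; payloads are skipped with seek(), so a
    multi-gigabyte capture is checked without loading it. Truncated or
    corrupted captures raise ValueError before any upload time is wasted.
    """
    fh.seek(0, io.SEEK_END)
    size = fh.tell()
    segments, off = [], 0
    while off < size:
        fh.seek(off)
        hdr = fh.read(LIME_HEADER.size)
        if len(hdr) < LIME_HEADER.size:
            raise ValueError(f"truncated LiME header at offset {off:#x}")
        magic, version, start, end, _ = LIME_HEADER.unpack(hdr)
        if magic != LIME_MAGIC or version != 1:
            raise ValueError(f"bad LiME header at offset {off:#x}")
        if end < start:
            raise ValueError(f"inverted range {start:#x}-{end:#x}")
        off += LIME_HEADER.size
        length = end - start + 1            # e_addr is inclusive in LiME
        if size - off < length:
            raise ValueError(f"segment {start:#x}-{end:#x} is truncated")
        segments.append((start, end))
        off += length
    return segments


def check_image(name: str, fh) -> dict:
    """Manifest entry for one image: format, plus segments or an error for LiME."""
    fh.seek(0)
    entry = {"name": name, "format": sniff_format(fh.read(18), name)}
    if entry["format"] == "lime":
        try:
            entry["segments"] = lime_segments(fh)
        except ValueError as exc:
            entry["error"] = str(exc)      # let a bulk-upload script skip this one
    return entry


def preflight(images: dict) -> list:
    """Check a batch given as {file name: bytes}; convenient for small in-memory tests."""
    return [check_image(name, io.BytesIO(data)) for name, data in images.items()]


def preflight_dir(folder) -> list:
    """Check every file in a directory of captures without reading them fully."""
    manifest = []
    for path in sorted(Path(folder).iterdir()):
        if path.is_file():
            with path.open("rb") as fh:
                manifest.append(check_image(path.name, fh))
    return manifest


def build_lime_image(segments) -> bytes:
    """Construct a synthetic LiME image from (start, payload) pairs (test fixture only)."""
    out = bytearray()
    for start, payload in segments:
        out += LIME_HEADER.pack(LIME_MAGIC, 1, start, start + len(payload) - 1, b"\0" * 8)
        out += payload
    return bytes(out)


if __name__ == "__main__":
    # Usage: python freta_preflight.py /path/to/captures
    import sys
    for entry in preflight_dir(sys.argv[1]):
        print(entry)
```

Entries that carry an `error` key should be dropped from the batch and re-captured; a truncated LiME image typically means the capture was interrupted (for example, the VM was stopped while the LiME module was still writing), and the missing ranges are exactly the ones an analysis would have needed.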
If you run large-scale cloud operations, you will want to analyze many images and their reports in bulk.
The Freta web interface does not support bulk uploads. For that, Microsoft has published a GitHub repository with a client for scripted submissions.
Microsoft also positions the service as a forensics tool for its customers; the same analysis that gives customers reports on their VMs gives Microsoft insight into cloud VM instances.
At present only Linux images are supported. Microsoft says further updates are coming, including support for Windows images, AI-based decision making, and automated program-analysis capabilities.