Friday, March 2, 2007

HckPk - the Latest and Greatest

As if we at Dallas Computer Repair didn't have enough malware to recognize and neutralize, there is now a new technique for hiding the old mainstay malware behind masks that make it appear unique or new, when the masks are simply disguising what it really is.

A few weeks ago, while laboring over a laptop repair, PC Virus Doctors could not find any malware, although all the symptoms of malicious software were present. Many scanners were employed, including online scanners, and nothing was showing up. A rootkit was then suspected; however, no rootkit scanners were picking anything up either.

The authors of Dref and Dorf have used several masks to hide their viruses, and they can morph the masks into thousands of variations, according to Information Week's latest article. HckPk, the masking piece of malware, accounted for over half of the malware seen in February's infections, with over 6,000 variations. When the Storm worm hit the internet, it morphed over 1,500 times the first weekend, according to the anti-virus vendor Sophos.

Because HckPk is able to mask and hide itself within conventional malware, and can be tweaked and tuned by virus writers, it will leave anti-virus vendors with a hefty workload trying to figure out how to put a stop to the problem. Not only is the unlimited morphing an issue, but each morphed version must first have its code unraveled.

The solution to this new problem will undoubtedly bring a new module of anti-virus scanning to the heuristic model. That being said, the morphing appears to have no set limits on how it changes, so it looks like the anti-virus engineers will have their work cut out for them for quite some time.

The big-boy vendors like McAfee and Norton, which reputedly sequester their anti-virus teams until they can identify the malware and provide a "fix", may be in for a long haul.

Break out the coffee pots, boys and girls. It's going to be a long picnic.
