Virus Writers Looking To Slow Things Down

from the too-fast-means-you-get-caught dept

It's no secret that malware writers are in the virus-writing business these days more for profit than for fame or for kicks. Hell, we've been seeing articles about this trend for over three years now. That shift also means the type of malware being written is changing. Rather than go for the big hit, with a virus that spreads super fast and makes the headlines, virus writers know they're better off being sneaky. The less well known their viruses are, the less likely they are to be stopped by security software... and the longer they have to profit from the malware. This probably explains why the various predictions of more big virus attacks have failed to come true. The attacks are still there, but the thinking behind them is entirely different. This is especially interesting from the viewpoint of security companies. In fact, it suggests that many were caught off guard by this behavior: plenty of researchers were trying to anticipate the next big attack, when they would have been better off trying to find the next hidden attack.

Reader Comments (rss)

  1. Not unexpected by Anonymous of Course on Sep 25th, 2006 @ 5:46pm

    Mark Ludwig covered this, describing the attributes of slow vs. fast infectors. I think it was in The Little Black Book of Viruses, published 1990.

    Depending on the prevailing conditions, fast may be better as it can outpace the AV vendors. Slow might be better to avoid detection, but once it's caught the AV vendors can make short work of it.

    This is not a revelation; as always, YMMV.

  2. Sounds Familiar by brwyatt on Sep 25th, 2006 @ 9:29pm

    I've gotten a few of those... they force you to buy their software or do really tricky registry hacking and/or use really nasty and complicated tools to remove them... Aurora was one that I got a while back... not to mention the ctfmon.exe one (not the language bar, the impostor one) as well as others.... I use Grisoft Network edition and Spybot S&D.... that's the best I can do on a $0 budget, but it seems to work.... We need more free AV software.... People like MS and EA should make them, since they can afford to, not to mention all the PR they gain.... I vote for MS to do it, although it would probably suck.

  3. Or Another Option by Me on Sep 25th, 2006 @ 9:43pm

    Or instead of using AV software, which doesn't even work in theory (who's the first one to get a fix for a virus that is already in the wild?), you can use HIPS or sandbox-based software. I use Virtual Sandbox from Fortres Grand; however, there are free alternatives as well, such as Sandboxie (or even the VS free version). Easier to stay ahead of the virus writers, IMHO.

  4. Re: Or Another Option by Nobody Important on Sep 25th, 2006 @ 11:06pm

    Ok, but why not just get an OS which supports an ownership and permission system? Any system which tries to be compliant with the POSIX standard will have it. And when you are logged in as your internet user, any virus which breaks into your browser, email client or whatever program you are using cannot do much damage at all.

    It should be easy to clean. Worst case: you would have to erase the user's entire home directory. If you didn't have any important files there, it shouldn't matter much at all.

    Sandboxes can work, but a permission system is better. In fact, using both should make your system nearly impossible to crack--assuming there are no exploitable bugs in the kernel. ;-)

  5. Re: Re: Or Another Option by Anonymous Coward on Sep 26th, 2006 @ 5:28am

    I agree that by using both, your system would be nearly impossible to crack. Limited user accounts would cripple most malware attacks, instead of letting your grandma be an "administrator". I think there's something to your suggestion as well, but I personally like the sandbox type of protection since the cleanup IS easy, because it wipes out all changes to the system instantly.

  6. VMWare by |333173|3|_||3 on Sep 26th, 2006 @ 10:03pm

    Use Firefox running on Windows under VMWare. That way, you have your (il)legal copy of Windows and all the things which legitimate but inept websites (such as my school's web portal) rely on, and legitimate files can be saved to the real HDD, but anything else is killed off when I close VMWare without saving anything (great for visiting certain genres of sites where malware is rife). My home account is not an Admin, and my admin account has no access to the net, meaning that it is inconvenient to load updates, but I can live with that for better security, and still be able to use FileMaker 5 (which I need to use) without the problems that occur under WINE.
