videoeditor1 Posted July 13, 2004 Share Posted July 13, 2004 From C-NET ------------ Worm sleeps to avoid detection Last modified: July 13, 2004, 6:53 AM PDT By Munir Kotadia Special to CNET News.com The latest mass-mailing worm, Atak, hides by going to sleep when it suspects that antivirus software is trying to detect it. Atak was first discovered Monday. Although antivirus companies do not expect it to cause much damage, they say it will be a nuisance because it can generate a large amount of spam. Graham Cluley, senior technology consultant for antivirus company Sophos, said authors of malicious software generally try to make the job of antivirus researchers as difficult as possible by adding confusing code and using evasion techniques. "Atak tries to tell when someone is stepping through the code to analyze whether it is a virus or not. Often, a virus will contain lots of code that is designed to make it more complicated for (antivirus) companies to write the detections," Cluley said. Mikko Hypponen, director of antivirus research at Finnish company F-Secure, said that although it is common practice for virus writers to protect their malware, this worm is exceptional. "It is standard for worms to have layers of encryption--or armoring--to keep out snoopers, but this goes way beyond that. It tries actively to detect if it is being analyzed by antivirus research tools. If it thinks it is being analyzed, it stops running and shuts down," Hypponen said. Atak is not thought to be a serious threat. But because of recent ..... Link to comment Share on other sites More sharing options...
Anderton Posted July 13, 2004 Share Posted July 13, 2004 People who create viruses should be sentenced to going from business to business, archiving and backing up all materials on their computers to a neat, secure, and organized archiving system. The sentence lasts 10 years, with no breaks! Craig Anderton Educational site: http://www.craiganderton.org Music: http://www.youtube.com/thecraiganderton Twitter: http://www.twitter.com/craig_anderton Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.