Virus Writers Looking To Slow Things Down

from the too-fast-means-you-get-caught dept

Mon, Sep 25th 2006 5:27pm — Mike Masnick

It's no secret that malware writers are more likely to be in the virus writing business these days more for profit, rather than fame or for kicks. Hell, we've been seeing articles about this trend for over three years now. However, that also means that the type of malware being written is changing as well. Rather than go for the big hit, with a virus that spreads super fast and makes the headlines, virus writers know that they're better off being sneaky. The less well known their viruses are, the less likely they are to be stopped by security software... and the longer there is to profit from the malware. This probably explains why the various predictions of more big virus attacks have failed to come true. The attacks are still there, but the thinking is entirely different. This is especially interesting from the viewpoint of security companies. In fact, it suggests that many were caught off-guard by this behavior. Plenty of researchers were trying to anticipate the next big attack, when they would have been better off trying to find the next hidden attack.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

7 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous of Course, 25 Sep 2006 @ 5:46pm

Not unexpected
Mark Ludwig covered this describing
slow vs fast infectors attributes.
I think it was in The Little Black Book of
Viruses published 1990.

Depending on the prevailing conditions,
fast may be better as it can out pace the
AV vendors. Slow might be better to avoid
detection but once it's caught the AV vendors
can make short work of it.

This is not a revelation, as always YMMV.
[ link to this | view in thread ]
brwyatt, 25 Sep 2006 @ 9:29pm

Sounds Familiar
I've gotten a few of those... they force you to buy their software or do really trickey registry hacking and/or use really nasty and complicated tools to remove them... Aroura was one that I got a while back... not to mention the ctfmon.exe one (not the language bar, the imposter one) as well as others.... i use Grisoft Network edition and Spybot S&D.... thats the best I can do on a $0 budget, but it seems to work.... We need more free AV software.... People like MS and EA should make them, since they can afford to, not to mention all the PR they gain.... I vote for MS to do it, although it would probably suck.
[ link to this | view in thread ]
Me, 25 Sep 2006 @ 9:43pm

Or Another Option
Or instead of using AV software which doesn't even work in theory ( who's the first one to get a fix for a virus that is already in the wild? ) you can use HIPS or sandbox based software. I use Virtual Sandbox from Fortres Grand, however there are free alternatives as well such as Sandboxie or even VS free version). Easier to stay ahead of the virus writers IMOHO.
[ link to this | view in thread ]
Nobody Important, 25 Sep 2006 @ 11:06pm

Re: Or Another Option
Ok, but why not just get an OS which supports an ownership and permisson system? Any system which tries to be complient with the posix standard will have it. And when you are logged in as your internet user, any virus which breaks into your browser, email client or whatever program you are using can not do much damage at all.

It should be easy to clean. Worse case: you would have to erase the user's entire home directory. If you didn't have any important files there, it shouldn't matter much at all.

Sandboxes can work, but a permission system is better. In fact, using both should make your system nearly impossible to crack--assuming there are no exploitable bugs in the kernel. ;-)
[ link to this | view in thread ]
Anonymous Coward, 26 Sep 2006 @ 5:28am

Re: Re: Or Another Option
I agree that with using both your system would be nearly impossible to crack. Limiting user accounts would cripple most malware attacks, instead of letting your grandma be an "administrator". I think there's something to your suggestion as well, but I personally like the sandbox type of protection since the cleanup IS easy, because it wipes out all changes to the system instantly.
[ link to this | view in thread ]
|333173|3|_||3, 26 Sep 2006 @ 10:03pm

VMWare
Use Firefox running on Windows under VMWare, that way, you have your (il)legal copy of Windows and all the things which legitimate but inept websites (such as my school's web portal) rely on, and legitimate files can be saved to the real HDD, but anything else is killed off when i cloes VMWare without saving anything (great for visiting certain genres of sites where malware is rife). My home accountis not and Admin, and my admin account has no access ti the net, meaning that it is inconvienient to load updates, but I can live with that for better security, and still be able to use FileMaker 5 (which I need to use) withoutthe problems that occur under WINE.
[ link to this | view in thread ]
injection molding, 20 May 2009 @ 5:24am

good
As we all know, nearly almost plastic products around you was made through plastic injection molding – the mouse you are using to click, the PET containers you use to store water or food, and also China printing can help us made the labels to attract potential customers and steel and aluminum made scaffolding made for the purpose of construction and renovation works.
[ link to this | view in thread ]