Virus Writers Looking To Slow Things Down

from the too-fast-means-you-get-caught dept

It’s no secret that malware writers these days are in the business for profit rather than for fame or for kicks. Hell, we’ve been seeing articles about this trend for over three years now. But that also means the kind of malware being written is changing. Rather than going for the big hit, a virus that spreads as fast as possible and makes the headlines, virus writers now know they’re better off being sneaky. The less well known a piece of malware is, the less likely it is that security software has a signature for it… and the longer its authors have to profit from it. This probably explains why the various predictions of ever bigger virus attacks have failed to come true. The attacks are still there, but the thinking behind them is entirely different. That’s especially interesting from the viewpoint of the security companies, since it suggests many of them were caught off guard by the shift. Plenty of researchers were trying to anticipate the next big attack, when they would have been better off trying to find the next hidden one.



Comments on “Virus Writers Looking To Slow Things Down”

7 Comments
Anonymous of Course says:

Not unexpected

Mark Ludwig covered this, describing the attributes of slow vs. fast infectors. I think it was in The Little Black Book of Viruses, published 1990.

Depending on the prevailing conditions, fast may be better as it can outpace the AV vendors. Slow might be better to avoid detection, but once it’s caught the AV vendors can make short work of it.

This is not a revelation; as always, YMMV.

brwyatt says:

Sounds Familiar

I’ve gotten a few of those… they force you to buy their software or do really tricky registry hacking and/or use really nasty and complicated tools to remove them…

Aroura was one that I got a while back… not to mention the ctfmon.exe one (not the language bar, the impostor one) as well as others…. I use Grisoft Network Edition and Spybot S&D…. that’s the best I can do on a $0 budget, but it seems to work….

We need more free AV software…. People like MS and EA should make them, since they can afford to, not to mention all the PR they’d gain…. I vote for MS to do it, although it would probably suck.

Me says:

Or Another Option

Or instead of using AV software, which doesn’t even work in theory (who’s the first one to get a fix for a virus that is already in the wild?), you can use HIPS or sandbox-based software. I use Virtual Sandbox from Fortres Grand; however, there are free alternatives as well, such as Sandboxie (or even the free version of VS). Easier to stay ahead of the virus writers, IMHO.

Nobody Important says:

Re: Or Another Option

OK, but why not just get an OS which supports an ownership and permission system? Any system which tries to be compliant with the POSIX standard will have it. And when you are logged in as your internet user, any virus which breaks into your browser, email client or whatever program you are using cannot do much damage at all.

It should be easy to clean. Worst case: you would have to erase the user’s entire home directory. If you didn’t have any important files there, it shouldn’t matter much at all.

Sandboxes can work, but a permission system is better. In fact, using both should make your system nearly impossible to crack, assuming there are no exploitable bugs in the kernel. 😉
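
The argument above only holds as long as nothing the unprivileged user can write to is later executed or trusted by a more privileged account. A world-writable binary in a PATH directory, or a world-writable plugin directory, hands malware running as the "internet user" a way back up. The audit below is an added example (not the commenter's code or any project's tool) that walks a tree and reports everything any user could modify; it tolerates world-writable directories with the sticky bit set, the way /tmp is meant to be. The demo tree it builds under a temporary directory is constructed for the example; point `find_world_writable` at real paths such as `/usr/local/bin` or a user's home directory to use it.

```python
import os
import stat
import tempfile


def is_world_writable(st_mode: int) -> bool:
    """True if the mode bits let any user write the object.

    A world-writable directory that also carries the sticky bit
    (0o1777, like /tmp) is tolerated: users can create files there
    but cannot delete or rename each other's.
    """
    if not (st_mode & stat.S_IWOTH):
        return False
    if stat.S_ISDIR(st_mode) and (st_mode & stat.S_ISVTX):
        return False
    return True


def find_world_writable(roots):
    """Walk each root and return the sorted paths any user could modify.

    Permission bits are read with lstat and symlinks are skipped, so a
    link that points into /tmp does not produce a false hit and the
    walk cannot be steered out of the tree being audited.
    """
    hits = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                full = os.path.join(dirpath, name)
                try:
                    st = os.lstat(full)
                except OSError:
                    continue  # vanished or unreadable; not our problem here
                if stat.S_ISLNK(st.st_mode):
                    continue
                if is_world_writable(st.st_mode):
                    hits.append(full)
    return sorted(hits)


def make_demo_tree():
    """Build a constructed sample tree (hypothetical layout, not a real
    system path) so the audit can be run stand-alone.

    Returns (root, sorted list of paths the audit is expected to flag).
    """
    root = tempfile.mkdtemp(prefix="permaudit-")
    bin_dir = os.path.join(root, "bin")
    tmp_dir = os.path.join(root, "tmp")
    plugin_dir = os.path.join(root, "plugins")
    good_bin = os.path.join(bin_dir, "ls")
    bad_bin = os.path.join(bin_dir, "updater")

    os.mkdir(bin_dir)
    os.chmod(bin_dir, 0o755)
    for path in (good_bin, bad_bin):
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
    os.chmod(good_bin, 0o755)   # normal binary: owner writes only
    os.chmod(bad_bin, 0o777)    # anyone can replace this: flagged

    os.mkdir(tmp_dir)
    os.chmod(tmp_dir, 0o1777)   # sticky world-writable dir: tolerated
    os.mkdir(plugin_dir)
    os.chmod(plugin_dir, 0o777) # world-writable, no sticky bit: flagged

    return root, sorted([bad_bin, plugin_dir])


if __name__ == "__main__":
    root, expected = make_demo_tree()
    found = find_world_writable([root])
    for path in found:
        print("world-writable:", path)
    assert found == expected
```

Run it as the unprivileged account you browse with; anything it lists under a directory that account does not own is a path from "can only trash my home directory" to "can trojan what the admin account runs next".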

Anonymous Coward says:

Re: Re: Or Another Option

I agree that, using both, your system would be nearly impossible to crack. Limiting user accounts would cripple most malware attacks, instead of letting your grandma be an “administrator”. I think there’s something to your suggestion as well, but I personally like the sandbox type of protection since the cleanup IS easy, because it wipes out all changes to the system instantly.

|333173|3|_||3 says:

VMWare

Use Firefox running on Windows under VMWare; that way, you have your (il)legal copy of Windows and all the things which legitimate but inept websites (such as my school’s web portal) rely on, and legitimate files can be saved to the real HDD, but anything else is killed off when I close VMWare without saving anything (great for visiting certain genres of sites where malware is rife). My home account is not an Admin, and my admin account has no access to the net, meaning that it is inconvenient to load updates, but I can live with that for better security, and still be able to use FileMaker 5 (which I need to use) without the problems that occur under WINE.

injection molding (user link) says:

good

As we all know, nearly all plastic products around you were made through plastic injection molding: the mouse you are using to click, the PET containers you use to store water or food. China printing can also help us make the labels to attract potential customers, and steel- and aluminum-made scaffolding is made for the purpose of construction and renovation works.
