Virus Writers Looking To Slow Things Down

from the too-fast-means-you-get-caught dept

It's no secret that malware writers these days are in the business more for profit than for fame or kicks. Hell, we've been seeing articles about this trend for over three years now. But that shift also changes the kind of malware being written. Rather than going for the big hit, with a virus that spreads super fast and makes the headlines, virus writers know they're better off being sneaky. The less well known a piece of malware is, the less likely security software is to detect it, and the longer its author gets to profit from it. This probably explains why the various predictions of more big virus attacks have failed to come true. The attacks are still there, but the thinking behind them is entirely different. This is especially interesting from the viewpoint of security companies, and it suggests that many were caught off guard by the change. Plenty of researchers were trying to anticipate the next big attack, when they would have been better off looking for the next hidden one.

Reader Comments

  • Anonymous of Course, 25 Sep 2006 @ 5:46pm

    Not unexpected

    Mark Ludwig covered this, describing
    the attributes of slow vs fast infectors.
    I think it was in The Little Black Book of
    Viruses, published 1990.

    Depending on the prevailing conditions,
    fast may be better as it can out pace the
    AV vendors. Slow might be better to avoid
    detection but once it's caught the AV vendors
    can make short work of it.

    This is not a revelation, as always YMMV.

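The trade-off the article and the comment above both describe (a fast infector outpaces the AV vendors but gets a signature quickly; a slow one stays under the radar longer but is easy to mop up once noticed) can be made concrete with a toy model. The following is an added example written by the editor; it is not code from Techdirt, from the commenter, or from Ludwig's book, and every number in it (doubling vs 10% daily growth, a detection threshold of 1,000 infected hosts, 50% cleanup per day once a signature ships, a one-million-host population cap) is an assumption picked for illustration, not a measurement.

```python
"""Toy model of the fast-vs-slow infector trade-off.

Added by the editor as an illustration; it is not code from the article,
from the commenter, or from Ludwig's book. Every parameter value below
(growth rates, detection threshold, cleanup rate, population cap) is an
assumption chosen for illustration, not measured data.
"""


def simulate(growth_per_day, detect_threshold, cleanup_fraction, days,
             population=1_000_000):
    """Discrete-day model of one piece of malware.

    Before detection the infected count multiplies by (1 + growth_per_day)
    each day, capped at `population`. Once more than `detect_threshold`
    hosts are infected, AV vendors are assumed to notice and ship a
    signature; from the next day on, spread stops and `cleanup_fraction`
    of the remaining infected hosts are disinfected per day. Fewer than
    one remaining host counts as eradicated.

    Returns (detection_day, peak_infected, bot_days): detection_day is
    None if the run ends undetected; bot_days (the sum of infected hosts
    over all days) is the proxy for the attacker's profit window.
    """
    infected = 1.0          # patient zero
    detection_day = None
    peak = 0.0
    bot_days = 0.0
    for day in range(days):
        bot_days += infected
        peak = max(peak, infected)
        if detection_day is None:
            infected = min(population, infected * (1.0 + growth_per_day))
            if infected > detect_threshold:
                detection_day = day + 1   # signature ships overnight
        else:
            infected *= (1.0 - cleanup_fraction)
            if infected < 1.0:
                infected = 0.0            # eradicated
    return detection_day, int(peak), int(bot_days)


def compare(horizon_days, detect_threshold=1000, cleanup_fraction=0.5,
            fast_growth=1.0, slow_growth=0.1):
    """Run a fast (doubling) and a slow (10%/day) infector side by side.

    Returns a dict keyed "fast"/"slow" with the simulate() results, plus
    "winner": which strategy accumulated more bot-days over the horizon.
    """
    results = {
        "fast": simulate(fast_growth, detect_threshold, cleanup_fraction,
                         horizon_days),
        "slow": simulate(slow_growth, detect_threshold, cleanup_fraction,
                         horizon_days),
    }
    results["winner"] = ("fast" if results["fast"][2] >= results["slow"][2]
                         else "slow")
    return results


if __name__ == "__main__":
    for horizon in (30, 365):
        r = compare(horizon)
        print(f"horizon {horizon} days:")
        for name in ("fast", "slow"):
            detected, peak, bot_days = r[name]
            print(f"  {name}: detected on day {detected}, peak {peak:>6} hosts, "
                  f"{bot_days:>7} bot-days")
        print(f"  more profitable: {r['winner']}")
```

Over a 30-day horizon the doubling worm wins: it is detected on day 10 and eradicated by day 20, but the 10%-a-day infector has only reached a few dozen hosts by then. Over a year the picture flips: the slow one grows undetected for 72 days before crossing the threshold and racks up several times the bot-days. The only knob that decides the outcome is the detection threshold, which is the article's point: stealth pays because it delays the signature, not because it spreads further.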

  • brwyatt, 25 Sep 2006 @ 9:29pm

    Sounds Familiar

    I've gotten a few of those... they force you to buy their software or do really tricky registry hacking and/or use really nasty and complicated tools to remove them... Aroura was one that I got a while back... not to mention the ctfmon.exe one (not the language bar, the impostor one) as well as others.... I use Grisoft Network edition and Spybot S&D.... that's the best I can do on a $0 budget, but it seems to work.... We need more free AV software.... People like MS and EA should make them, since they can afford to, not to mention all the PR they'd gain.... I vote for MS to do it, although it would probably suck.


  • Me, 25 Sep 2006 @ 9:43pm

    Or Another Option

    Or instead of using AV software, which doesn't even work in theory (who's the first one to get a fix for a virus that is already in the wild?), you can use HIPS or sandbox-based software. I use Virtual Sandbox from Fortres Grand; however, there are free alternatives as well, such as Sandboxie or even the free version of VS. Easier to stay ahead of the virus writers IMHO.


    • Nobody Important, 25 Sep 2006 @ 11:06pm

      Re: Or Another Option

      Ok, but why not just get an OS which supports an ownership and permission system? Any system which tries to be compliant with the POSIX standard will have it. And when you are logged in as your internet user, any virus which breaks into your browser, email client or whatever program you are using cannot do much damage at all.

      It should be easy to clean. Worst case: you would have to erase the user's entire home directory. If you didn't have any important files there, it shouldn't matter much at all.

      Sandboxes can work, but a permission system is better. In fact, using both should make your system nearly impossible to crack--assuming there are no exploitable bugs in the kernel. ;-)


      • Anonymous Coward, 26 Sep 2006 @ 5:28am

        Re: Re: Or Another Option

        I agree that with using both your system would be nearly impossible to crack. Limiting user accounts would cripple most malware attacks, instead of letting your grandma be an "administrator". I think there's something to your suggestion as well, but I personally like the sandbox type of protection since the cleanup IS easy, because it wipes out all changes to the system instantly.


  • |333173|3|_||3, 26 Sep 2006 @ 10:03pm

    Use Firefox running on Windows under VMware; that way you have your (il)legal copy of Windows and all the things which legitimate but inept websites (such as my school's web portal) rely on, and legitimate files can be saved to the real HDD, but anything else is killed off when I close VMware without saving anything (great for visiting certain genres of sites where malware is rife). My home account is not an Admin, and my admin account has no access to the net, meaning that it is inconvenient to load updates, but I can live with that for better security, and still be able to use FileMaker 5 (which I need to use) without the problems that occur under WINE.

