Malicious code exploits unique Win2K function

Another MS 'feature virus'


Anti-virus outfit Kaspersky Labs has announced the discovery of W2K.Stream, a working example of a new type of virus designed for Microsoft Windows 2000. The virus uses a "Stream Companion" method to infect the NTFS file system, which allows multiple data streams. In this case one stream will be malicious, and the other will be the original program.

"NTFS enables users to create any number of data streams within a file: independent executable program modules, as well as various service streams (file access rights, encryption data, processing time etc.). This makes NTFS files very flexible, allowing for the creation of user-defined data streams aimed at completing specific tasks," the company explains.

W2K.Stream has not yet been seen in the wild, but it is the first known virus that creates multiple data streams to exploit features built into the NTFS file system, the company says.

It attacks by creating a data stream into which it moves the original content of the host program, and then replacing the main data stream with malicious code. When the infected program is executed, the virus activates, replicates, and then passes control to the host program, which, if the virus is written well, should run normally, leaving the user none the wiser.

"This virus begins a new era in computer virus creation," Lab Anti-Virus Research Director Eugene Kaspersky said in a written statement. "The 'Stream Companion' technology the virus uses to plant itself into files makes its detection and disinfection extremely difficult."

If W2K.Stream were to go wild it would be easy to detect, Kaspersky allows; but "[similar] viruses can move to additional data streams. In [that] case, many anti-virus products will become obsolete, and their vendors will be forced to redesign their anti-virus engines."
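A defender can check for the layout described above by listing the named streams on executables and seeing whether any of them starts with the "MZ" executable signature. The script below is an added example, not code from the article or from Kaspersky; the function name, extension list and temporary sample file are assumptions, and it needs Windows with an NTFS volume.

```powershell
# Added example: list named NTFS streams on executables and flag those that
# begin with the "MZ" executable signature (a program stored outside the
# main stream). Function and variable names here are hypothetical.

# The byte-reading switch differs between Windows PowerShell 5.1 and 6+.
$ByteArg = @{ Encoding = 'Byte' }
if ($PSVersionTable.PSVersion.Major -ge 6) { $ByteArg = @{ AsByteStream = $true } }

function Find-StreamCompanionCandidate {
    param(
        [Parameter(Mandatory = $true)][string] $Path,
        [string[]] $Extension = @('.exe', '.com', '.dll', '.scr')
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file = $_.FullName
            # ':$DATA' is the unnamed main stream; anything else is a named stream.
            Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    # Read only the first two bytes of the named stream.
                    $head = @(Get-Content -LiteralPath $file -Stream $_.Stream `
                              -TotalCount 2 -ErrorAction SilentlyContinue @ByteArg)
                    [pscustomobject]@{
                        File     = $file
                        Stream   = $_.Stream
                        Length   = $_.Length
                        # Benign text streams such as Zone.Identifier report False here.
                        StartsMZ = ($head.Count -eq 2 -and
                                    $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    }
                }
        }
}

# Constructed sample: a harmless text file named like a program, with a named
# stream that holds only the two bytes "MZ".
$dir = Join-Path $env:TEMP ('ads-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$sample = Join-Path $dir 'sample.exe'
Set-Content -LiteralPath $sample -Value 'placeholder, not a real program'
Set-Content -LiteralPath $sample -Stream 'constructed' -Value ([byte[]](0x4D, 0x5A)) @ByteArg

Find-StreamCompanionCandidate -Path $dir | Format-Table -AutoSize
Remove-Item -LiteralPath $dir -Recurse -Force
```

A hit with `StartsMZ` set is a lead to investigate rather than a verdict, since legitimate software can also store data in named streams.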

What re-designed engines might mean in terms of 'upgrade' costs to the consumer, we can't say; but it sure sounds like rocking good news for the anti-virus industry in any case. ®
