Feeds

Malicious code exploits unique Win2K function

Another MS 'feature virus'

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Anti-virus outfit Kaspersky Labs has announced the discovery of W2K.Stream, a working example of a new type of virus designed for Microsoft Windows 2000. The virus uses a "Stream Companion" method to infect the NTFS file system, which allows multiple data streams. In this case one stream will be malicious, and the other will be the original program.

"NTFS enables users to create any number of data streams within a file: independent executable program modules, as well as various service streams (file access rights, encryption data, processing time etc.). This makes NTFS files very flexible, allowing for the creation of user-defined data streams aimed at completing specific tasks," the company explains.

W2K.Stream has not yet been seen in the wild, but it is the first known virus which creates multiple data streams to exploit the features built in to NTFS file system, the company says.

It attacks by creating a data stream into which it moves the original content of the host program, and then replacing the main data stream with malicious code. When the infected program is executed, the virus activates, replicates, and then passes control to the host program, which, if the virus is written well, should run normally, leaving the user none the wiser.

"This virus begins a new era in computer virus creation," Lab Anti-Virus Research Director Eugene Kaspersky said in a written statement. "The 'Stream Companion' technology the virus uses to plant itself into files makes its detection and disinfections extremely difficult."

If W2K.Stream were to go wild it would be easy to detect, Kaspersky allows; but "[similar] viruses can move to additional data streams. In [that] case, many anti-virus products will become obsolete, and their vendors will be forced to redesign their anti-virus engines."

What re-designed engines might mean in terms of 'upgrade' costs to the consumer, we can't say; but it sure sounds like rocking good news for the anti-virus industry in any case. ®

Security for virtualized datacentres

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
'People have forgotten just how late the first iPhone arrived ...'
Plus: 'Google's IDEALISM is an injudicious justification for inappropriate biz practices'
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.