Stealth virus is stealthiest of all
Print storyUnder Atak
Posted in Anti-Virus, 14th July 2004 09:31 GMT
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
There's a new mass mailing virus in town, and it's built to make life even more difficult for anti-virus researchers.
Atak uses a variety of tactics in its attempts to escape antivirus analysis. Its main trick is to check to see if it's being run in a debugging environment. If so, it exits to avoid detection. The ploy prevents casual perusal of the code by researchers and (potentially) rival virus writers.
A possible bug, related to the way Atak checks its activation date, prevents it from being run in a "sandbox". A sandbox is a virtual environment commonly used by AV researchers to look at the behaviour of malware in a safe place.
"I haven't seen such ruses used in a mass mailer in a long time. This piece of code is so sloppy, it's devious," said Mircea Ciubotariu, a researcher at Romanian AV firm BitDefender.
Aside from its stealth behaviour the virus is a fairly standard mass mailer. It infects Windows PCs only (natch). Atak is spreading, albeit modestly, and most AV firms rate it as a low-to-medium risk threat. ®
Related stories
MS hatches July patch batch
All quiet on the malware front
Symantec fights auto-responder menace
Malware attacks IE users via pop-ups
CERT recommends anything but IE
Free whitepaper – Certify your software integrity with Thawte code signing certificates
The best practices guide for application security
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Certify your software integrity with Thawte code signing certificates
The future of SaaS and IT infrastructure management
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive