

Stinkysteve
07-14-2004, 12:19 PM
Please stay current with your updates!!!!

Story here
http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=23900577

Worm Tries To Foil Anti-Virus Researchers

By Gregg Keizer, TechWeb News


A new worm tries to slip past anti-virus researchers by shutting down their debugging tools, a security firm said Tuesday.

Atak, which was discovered Monday, attempts to terminate any debugger, the tool researchers use to probe virus and worm code they've captured.

"It's really just a lame attempt to stop people who are trying to research it," said Patrick Hinojosa, the chief technology officer of Panda Software. "But any researcher worth his salt will blow right past that."

Although not a serious threat, Atak is another example of how hackers try to complicate the lives of anti-virus researchers. For instance, numerous worms now include code that tries to shut down specific anti-virus and firewall products, and in years past, viruses "armored" themselves against probing by making it difficult for debuggers to even open the payload file.

Another security firm, Finnish-based F-Secure, said that its early analysis also pointed toward a possible attack of Atak on rival worms, such as Netsky, Bagle, MyDoom, and Lovegate. F-Secure hasn't yet determined the extent of that assault -- it's not unusual for one worm to either terminate rivals or replace their files -- but text embedded in the Atak code reads "attack against Netsky, Bagle, Mydoom, Lovgate, Nachi, and Blaster."

But Atak's crack at hiding is the least of virus researchers' problems, said Panda's Hinojosa. "It's not this script-kiddie kind of attempt to keep [a worm] going that has us worried. It's just how much crap is coming out and how fast it's appearing.

"So much is coming out so fast that the biggest [security] hole now for companies and individuals keeping their virus signatures updated is the smaller and smaller window we have to figure out a virus and post a signature change," said Hinojosa. "Now it's typical that we have just a few hours of opportunity to get something out."

That shrinking window is what's driving security firms toward more proactive technologies, said Hinojosa, such as heuristic analysis and hosted intrusion detection software.