Slashdot Mirror


'Stealth' Worm Hinders Sandbox Analysis

Tuxedo Jack writes "The Register reports that the new Atak worm cannot be analyzed or debugged by antivirus companies without quite a bit of work, due to the author being sloppy with his or her code. Windows machines, as per the norm, are the only vulnerable ones, and it still requires user intervention to infect. Perhaps future worms will start including this 'bug' in their releases. We can only hope not." It doesn't sound like a bug at all, from the virus writer's perspective.

2 of 461 comments

  1. AV software particularly effective? by Short Circuit · Score: 1, Troll

    I'm not familiar with how AV software innards work, but if the virus exit()s if it detects itself running in a debugging environment, wouldn't AV software make the virus moot?

    I mean, it still resides on your machine, but it refuses to run.

  2. Are there viruses attacking anti-virus programs? by Anonymous Coward · Score: 0, Troll

    I am curious if there are such things as viruses specifically attacking firewall and anti-virus apps. Anti-virus apps rely on viral signatures to detect them. But if one releases a new virus that slips past an anti-virus app and prevents it from working properly in the future or modifies firewall apps, a second (and third, fourth, ...) virus may easily get in undetected.

    Can anyone familiar with virus writing explain if it's possible or not (and why)?