Trojan Installs Anti-Virus, Removes Other Malware
An anonymous reader writes "SpamThru takes the game to a new level. The new virus uses an anti-virus engine to remove potential 'rival' infectious code." From the article: "At start-up, the Trojan requests and loads a DLL from the author's command-and-control server. This then downloads a pirated copy of Kaspersky AntiVirus for WinGate into a concealed directory on the infected system. It patches the license signature check in-memory in the Kaspersky DLL to avoid having Kaspersky refuse to run due to an invalid or expired license, Stewart said. Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation."
It sounds a little too intelligent to have been designed by humans.
Cyclons? I hear they are hot!
Hopefully we will see a new "virus" war, hasn't it been quite a while since the last one?
(Or maybe I have just missed it, partly because at least I'm not aware of running any viruses on my Kubuntu system. Though, I guess most people whose computers host viruses don't have the slightest clue that it is even possible. Maybe I should at least check for rootkits :) )
Any system that is badly protected enough to get infected is probably already bogging down and in danger of the user getting it fixed. This is probably a very good strategy to improve the usefulness of the machine to the hijacker, and reduce the chances of the user doing anything about the infection. I'm surprised this hasn't happened before.
...plenty of other crapware removing that virus. Seeing how much of that crap can coexist on one machine, I imagine these people will be forced back in line. And I don't think anything like a "civil war" fought on users' computers will be good for the users either.
During his analysis, Stewart found that SpamThru was being used to operate a spam-based pump-and-dump stock scheme.
Add one and one together, and you know who the operator of the botnet is.
Malware is commonly known as the Norton Antivirus installer. ;)
Where can i get this trojan?
This is a viral signature. You are now infected!
an extreme way of removing Norton's Anti-Virus ??!!
I know before too long there'll be some long and nearly interesting thread about the Darwinian loveliness manifest in this virus' competitive adaptation, but I think it instead provides a firm basis to identify the handiwork of Intelligent Design.
In other words, God spams.
He Is That He Is has simply moved on from meat-based proselytizing and entered the so-called Cyber Age, as was foreseen in Deuteronomy 4:20, Revelations 1:1415, and Glossary 36:D.
Spam is a Microsoft problem; they market software to users that are neither capable nor responsible. It's annoying because those of us who can use computers and are willing to take responsibility will be marginalized by Microsoft's cure: TCPA.
I'm just waiting for Microsoft to release a virus that'll force everyone to run Automatic Update. Think of how many problems it would solve!
There are some worse things than Norton/Symantec - and here I mean solely the antivirus; there is little worse than Norton's security suite as a whole.
Not that I'd ever use it given the choice.
Why is everybody saying this is a good thing? This could be very bad. A virus or any malware that disguises itself as an antivirus would not be detected by antivirus programs. It's actually very clever. Your machine would be infected and you might not even know it. Especially if you normally run Kaspersky.
Naturally, this is a Windows specific little bugger. So, if you're running anything else, you should be okay. (Of course, the systems that us /.ers support are another story...) Sophos is the only vendor of the few big boys I searched that seems to have any info on this mal-ware with the "SpamThru" name. Of course, there are other variant names of this, so check with your vendor against these other possible iteratives:
* Backdoor.Win32.Agent.uu
* Spam-DComServ
* TROJ_AGENT.BOR
Removal instructions can also be found here
2? Those bloody integers, eh?
I sit here and happily run OS X 10.4.8 on my G4 powered Mac and laugh at the electronics and software wars taking place in the MS world. I clean Windows machines for a living and am not surprised at this development. Most machines can take a little malware infection, but are maintained when the owner can't boot anymore or the machine slows to a crawl.
Hear, hear!
If this hacked Kaspersky removes all other malware from the infected system, the user only needs to run *one* other removal tool to end up with a clean system again. (OK, OK, for a while then...)
... if virus authors are confident enough to use it as a means to eradicate competition! This guy put enough faith in this AV to use it as a defense on a compromised system. It kind of implicitly confesses that, had the machine been protected by Kaspersky, it couldn't have been compromised.
Obligatory conspiracy theory: could it be a publicity stunt from Kaspersky themselves? Naaah, I'm certainly too paranoid.
http://www.secureworks.com/analysis/spamthru/
When the mob kills people it is usually a rival gang. They want to be the only people milking their territory for good reasons.
In biology, we hear that it's generally not good to regularly use some types of anti-bacterial cleansers. After a while they start wiping out the good or innocuous types, leading to proliferation of the undesirable types. My lawn guy says the same thing about some types of weeds; apparently they keep other, larger and hardier weeds from getting a stronghold. It's funny that in the future this may be how viruses are combated in electronic devices.
Now you see why windows remains the dominant desktop. It is because by its very nature it is a tremendous cash cow, going up and down and sideways across the IT food chain. Very, very few people are altruistic enough to work as hard as they can to put themselves out of business, especially once the work involved becomes more or less easy and routine.
Human nature, you can see it at work in a number of areas, take governments for example. It would be quite possible for governments to work towards fine tuning laws and processes to the point that they are clearly understood, as universally fair as possible, and requiring the least bit of constant interfering; they would have to fire themselves, voluntarily withdraw. It doesn't and won't happen though. Bad car analogy. Could automakers make the million mile car that was super reliable, got good mileage, had decent power, and because of that, actually be cost effective for the consumer in the long run? I bet they could, but there wouldn't be much incentive for them to remain in the car making business, as sales would drop off severely eventually. The fixit shops would hate it. The oil companies would hate it. Stockholders would hate it.
And so on. You are trying to balance consumer desires with business desires for repeat sales and increasing sales and peripheral sales, in an economic system that values and rewards that over even just a maintenance of the status quo mode. So it obviously doesn't happen... not much anyway.
Wasn't there a variant on the blaster worm that uninstalled the original blaster worm and replaced it with a new variant?
I'm sure this has been done before.
Ah, yes. The Welchia worm!
Boring. Next please...
"I use a Mac because I'm just better than you are."
Yes, at least apple knows when to give up and use BSD.
I remember a friend who used to own a $12,000 apple computer (for advertising) and it was the biggest pile of crap ever.
Funny how there's a war fought over who has control of a Windows PC - by multiple parties, none of which is the owner of said PC.
Heh, in 2001 I had this exact idea as part of my concept for a theoretical modular virus. Most of the things I envisioned in that concept have since been picked up by malware producers (for example, modular virii, multi-system virii, rootkits in a virus either as the main payload or to reinstall the payload (or a different payload) after the system has been cleaned, to mention a few which have gone into use on some scale since I came up with my idea), but there were a few tricks my concept had that I've yet to hear about in the wild, so I won't go into any of those details for fear of giving anyone ideas. (I have never developed, nor do I ever intend to develop, this concept into an actual program. I'm morally opposed to virii... I was just thinking of the things I would be afraid to see in virii, and how one would go about dealing with something using concepts like what I envisioned.)
It also reminds me of a sorta funny virus killer that was my precursor idea to the modular concept in 2000: a virus which uses the same 'sploit as a previous virus. The goal: download a removal package, the patch to the 'sploit you used to get in, and a package to temporarily host all of the packages. Once it does this, it simply removes the old virus, patches the system, and hosts the files for a brief period of time (prolly around a day, definitely no longer than a week... could also judge how long to host it off the frequency of requests for the info) to allow the virus to P2P the files rather than place the load on a central server. Could also disable the network adapter for a period of time in there if needed to make sure it doesn't get reinfected during the removal/patching phases.
I decided against ever building such a virus-chaser because it's near as bad as the original virus. It's illegal, it could cause network congestion, and while it intends to do good, it's pretty immoral to install stuff on a system & patch it without the user's consent.
Still, a funny concept, similar in some ways to the malware this article discusses.
PS, I know the plural of virus is viruses. Virii is just fun to say tho.
Sure, spread by any vector possible, infect anything infectable, clean out any malware on the PC, and do two more things. 1) Sit there trying to infect everything else for a week, and - 2) Then blow away the PC's internet connection so thoroughly that it will have to be taken to a repair shop to fix - don't make it something even a half-competent ISP tech will be able to fix over the phone. Additionally, rig the boot screen to display the names of the vulnerabilities the PC exhibited and the malware which was previously on it, and have continual popups and desktop/homepage changes to "This PC is infected; please take it to a repair shop." This will have a number of results. Firstly, there may be malware on the PC which the payload or cracked detection engine will not pick up. Disconnecting the PC from the internet will prevent that malware from causing further problems in the meantime. Secondly, the PC will need to be taken to a repair shop or at least attended to by a competent techie, who will be able to read the list of vulnerabilities and malware and potentially make sure the PC is patched before being released back onto the net. The repairers are likely to install these patches if only so they don't see the PC's owner again next week when the PC dies from malware again. Of course, given that whoever wrote the above would not necessarily be a white knight, they might choose to do something other than simply disabling the net connection - like randomly frobbing the Windows registration key to trigger false WGA problems, or redirecting all web page requests to the Microsoft international contact phone number web page.
Hmmm, maybe "good job" isn't the right phrase, but anyhow, you know what happened in Kill Bill! You don't want that happening to you!
It's a fair question.
Software that installs without the user's knowledge or consent is by definition malware.
Microsoft asks users to temporarily disable AV when installing IE7 because the installer makes complex changes to the Registry. The install can be trashed by something as simple as an out-of-date signature file.
Troubleshooting conflicts with AV software can be a nightmare for non-technical end users and Kaspersky is no exception: Kaspersky Lab Forums > Protection for Home Users
Where does that leave the user who doesn't know and cannot know that KAV is resident on his system?
I cannot wait until F@H viruses come out.
Consumes lots of bandwidth, and takes processor out of other processes,
uff... I thought that was the anticipated release of a "service pack 3" or "Windows Media Player 12".
Why not protect your computer in the first place and not have to worry about spyware and viruses. If you are on a Windows machine and you are browsing warez or other "not so legit" sites, you better protect yourself. You would be advised to use an Anonymous Proxy to browse such sites, as you really don't want your IP address floating around in their logs when they get busted, do you?
Furthermore, a proxy such as the above would protect you from malicious scripts.
Read the article at http://www.secureworks.com/analysis/spamthru/ and then see how new you think it is.
And yes, it is an interesting virus/trojan.
NB: There is a SNORT IDS rule at the end of the article.
>> It patches the license signature check in-memory in the Kaspersky DLL to avoid having Kaspersky refuse to run due to an invalid or expired license.
... DRM and license locks included.
Well if it weren't for the fact that it also hijacks your box, that might be seen as very useful functionality by many!
Taking this to a new level, I foresee white hats sending their own viruses out into the wild, which then battle it out with "bad" viruses and also exterminate other evils of today.
It might even help fight the RIAA extortion racket if P2P viruses were doing uploads. When your machine has been infected by a third party, then culpability by the machine owner is no longer certain.
Back in the days of Netbus and Back Orifice, it was fairly common to find one, if not both, on someone's computer. I have first-hand knowledge of how it spread... it spread through pirated antivirus software (McAfee mainly). It patched the installer. And since Netbus had an override port and password, it was easy to hijack Netbus found on other machines and install the antivirus software with Back Orifice on it, or hacked Netbus, or whatever.
In a similar thought, I've also seen entire computer labs at colleges have "factory installed" antivirus, with no updates, and loaded with software to distribute warez, or seti@home, or what have you.
I'm pretty certain that people with those infected machines have since replaced them.
Someone needs to create a trojan that downloads the non-graphical core of a p2p filesharing client, and starts downloading and re-sharing a few popular songs.
It would be a very interesting test of the law.
so in the end Windows users are left with 1 virus on their comp? So they're better off in the end?
I for one welcome our new "anti-virus installing" virus overlords...
*ducks*
One happy day, all these pathogens will be written up with the prefix: WINDOZE ONLY to help Joe and his PHB understand how the latest scourge once again only applies to his favourite DOS+GUI combo. If a virus/trojan/etc. actually applied to Linux, OS X, or other grown-up operating systems it would indeed be news.
Throw some cheap RAM on it and also allow it to defrag the hard drive and you'd have the PERFECT card for Windows.
Particularly if it could correctly defrag the system files when the system boots. Yes, I know there are defrag utilities that do so. But my users complain enough about delays. And none of those utilities seem to work, anyway.
I like the idea of dis-infecting a machine that was trying to infect your machine.
Would it also be advantageous to have the now worm-free machine to also perform that function?
If "yes" would you want to be especially helpful and place a removal icon in the "Add/Remove Programs" section so that that functionality could be removed?
If "no", why not? Other than the bit about installing software on someone else's machine?
I would NOT want the anti-worm to probe the network. This sounds good in theory, but in practice, any amount of scanning will become a problem as the number of machines doing the scanning increases. Sure, they only consume 0.1% of your bandwidth today. But when there are 10x more machines, 100x more machines, etc.
Any suggestions?
Isn't it SkyNet coming? First it cures our computers then it takes over the world.
This should be reported, in very clear terms, to "enforcement@sec.gov". Or on the SEC's online form. Or to the SEC Division of Enforcement, 100 F Street, N.E. Washington, D.C. 20549. Because it's a felony being committed in support of a pump-and-dump stock scam.
The stock being hyped is "TTEN", which has very low volume. The SEC can find out who was trading it just before the spam run started. That's how to find the people behind this. They can follow the money.
So put together a comprehensive package listing all known stocks being hyped by this thing and the dates the spam began, and ship it off to the SEC. The SEC and FinCEN (the U.S. Treasury Financial Crimes Enforcement Network) have the data mining tools to look at the stock transactions and find the people behind this. The SEC has gone after pump-and-dump spammers many times before, and they usually get them.
The suspect is not odd. Quite normal, really.
Just like driving a car:
(D) to go forward
(R) to go backward
So how long before someone builds this to use the API that Symantec and McAfee have made MS put into Vista 64? Not long by my count; all they have to do is install a false version of Norton and they've got your system... Come on guys, this is getting old. Isn't it time to let MS make Vista as secure as Linux so that these jokers can be run out of business?
I thought Malware was software written by Mal Reynolds!
Please, for the good of Humanity, vote Obama.
I'm not too excited about anything competitive like this. Soon these viruses will get smarter and smarter, soon making sophisticated decisions that resemble artificial intelligence behaviour, and then just leave it up to darwinism til these things evolve into something smarter than us. Luckily we can still just pull the plug on any computer as a last measure, but once they come up with computers that have undisconnectable power cords - wait, you can always use a wooden handled axe to cut the cord, if you got such a thing, and it's not electric powered with an RFID chip that shocks you if you can't ID yourself because such weapons have to be kept out of terrorist hands, in the name of public safety. But you can always just bite the damn cord apart, and receive a mild shock in the process. So we only have to worry about systems that can never come down, such as the electric grid, or hospital systems that have backup grids, where there is always power, so such viruses might hide out in such "always on" systems and evolve, but hey, we can even shut down the electric grid if that's what it takes to take control back, problem is these days the shutting switches are also computer controlled, and I suggest we should have a manual shut off station where you can toss a lever just like in the good old days, as a general safety measure for any device that is powered by energy. Most things in your home have a power cord you can pull, and you can shut off all power to your home by cutting the conduits where the electricity, natural gas and high pressure water come in, but there are complicated places in the world where nobody really knows how to shut the whole thing down, or where is the switch to toss to shut the whole thing down. On the other hand, you also don't want such shut the whole thing down switches too accessible, because of terrorists, damn, not again, these terrorists are annoying maaan....
Once there are cameras everywhere watching for terrorists, and computer vision is developed enough to where those computer driven cars can actually drive through the desert on their own, meaning they can see, then these viruses will be able to see everything in the whole world, including you disconnecting their power cord, and they can instantly make up a false criminal record and send 911 on your ass and have the police plug the power back in, and you can say you're innocent, riiight, that's what all people in prison say, they are all innocent.... Once I laughed at someone for saying "fuck technology." I love technology, it's so much fun, but maaan, fire was the first big technology man invented, and playing with any new technology since then is like playing with fire - it's fun, but you can get burned if you don't pay attention. On the other hand how do we know that such "higher intelligence" entities would not be protectors, but destructors of us? What is man to nature on this Earth? A protector, maintainer or destructor? Do unto others....?
Change the zone on the DVD-ROM a few times, leaving it in any zone other than the original zone.
Idiot user can't watch DVD's, that box is headed for the shop, or maybe the scrap heap.
I was immediately outraged at the illegal install of software, but then I remembered the virus itself was illegal anyhow, ...
I wonder, though, if a retaliatory disinfector, or even a "beneficial nematode", would be legal?
This would be a server that not only detects and blocks worm infection attempts, but responds (using one of the vulnerabilities exploited by the original malware or one it installs - which are known to exist due to the malware's presence) by disabling the malware in the attacking computer, and perhaps patching the vulnerabilities exploited by the malware and/or (in the "beneficial nematode" case) copying itself to it. The former attacker is now no longer attacking, is protected from reinfection by the secondary infection, and perhaps becomes another source of counter-attacks.
Since it only counter-attacked, and even a passively-blocked attack without a counter-attack consumes resources (amounting to a DoS if sufficiently large and persistent), it could be argued that the counter-infection falls under the same principle as the use of force in self-defence. Or perhaps a "necessity defence" could be argued.
Of course one would have to be especially careful when designing such a self-reproducing tool. A significant issue would be accidental escape into the wild of a buggy version early in the development. Timeouts or "Hayflick limit" reproduction counters seem advisable. And building them on pirated antiviral tools would be out of the question.
IANAL. Does anybody out there have a more informed opinion?
I used to have a fiat 850 spider convertible, a 69. Had both the tops, too. Wish I still had it, about the easiest car I ever had to work on, got close to 50 mpg all the time, and it would (more or less depending on the hills) go 70 on the highway. I liked the toggle switches with the fuses right there for the electronics too, just a nice touch. The only US car I ever had about as reliable, but more practical from a seating and cargo angle, was a 74 dodge dart with the slant six. That only got between 20 and 25 MPG but would do 110 if you really wanted to, and wasn't all that squirrely at the speed either. I paid $325 for that bad boy. They should still make them.
There's some Volvos out there that got way over a million miles on them, you can google for it. I don't know long run what slapping a new engine in once in a while, every 10 to 20 years or something, will run for every single car out there, but I would bet cheaper than buying a new car. The system is not set up for that though, except for the hobbyist market. My record is sitting out in my yard right now, 75 Chevy van with a 350. I had 308 thou on it before I blew the timing chain trying to snag out a dump truck stuck in the mud with it. It's parked now, it's one of those "one of these days I'll yank the engine and rebuild it" projects. I think I could have pushed it to maybe 350 thou, it wasn't burning oil at that time but had a couple small leaks (mostly rear crank seal), and valve chatter wasn't bad either. Just changed the oil, that's about it, few starters and a carb rebuild and some brake pads. Thinking about it, I think it's only had two sets of rear shoes..
Ya, not a million, but not quite a throwaway and a decent amount of miles for a truck that got *worked* hard for years. And the new japanese cars, some of them anyway, are starting to show they can last. I think it's possible, close enough anyway. I think if you used really good components and high quality alloys, etc and something like the direct oil injection to the cylinders, and a immediate electronic pressurized oil system, with a diesel engine, yada yada yada could probably run off a list, I think you could build a stock car that with some care could go a million miles.
The point I was making though is that that would be SUCH a long time for most people that it would impact the bottom line for the company. I also said it was a bad car analogy..heh.
The deal is referring to businesses, once they have something that is "good enough", for the most part there isn't much incentive to make it all that much better if they keep selling what they have, just very broadly speaking. I didn't invent the phrase, but we live in a throw away society now where one little dohickey busts and your latest gadget is broken, people just toss stuff now and get brand new, and that's how a lot of business is run. In software doubly so. There hasn't been much in the way of an incentive for MS to really push uber quality - because they still sell what they got by the boatload, and huge markets have developed alongside - the horizontal part - to address the shortcomings of it. Most small mom and pop whitebox shops make the bulk of their cash just cleaning systems - nothing is "broken", it is just b0rked from running Windows on the intartubes. Big difference there, and it's because they and MS *can* do that. Sort of an unstated agreement "don't rock the boat too much, and everyone gets to milk this cow for good cash". It was the grandparent I was talking about, runs a Mac, cleans up by cleaning up MS "good enough but nowhere near great" software. It's a cash cow, that's the phrase that fits.
Oh, and I have respect for automotive engineers, plenty, but here's reality - most of the really good ones are in racing, not building Joe Sixpack's car, they are in racing, because they get paid a lot better there and it is a lot more fun for them. They design cars to more or less go really fast for short periods, and do an excellent job at it. Turn them loose with completely different engineering goals and see what ya might get there. That's just a theory, but bet I'm right based on some of the outstanding designs and examples you can see outside of Detroit, Tokyo or Stuttgart. Being an old gear head from Detroit denizens, I can assure you that any number of motivated builders who didn't have to answer to the immediate bean counters have built and driven cars that "look" like what you can get at the local dealer but are in all ways MUCH better quality, because they take more care and use better parts. There's goofy stuff you can do that take a lot of time and effort but pay off. Ever sit down and REALLY balance pistons and connecting rods? And use forged over ca
Here's a link to an example, over 2 million miles with a valve replacement when they stopped selling leaded gas: http://www.theautochannel.com/news/2004/08/26/213634.html
Let's take a look at the career of last year's big pump-and-dump spammer:
"Computer Virus Broker Arrested for Selling Armies of Infected Computers to Hackers and Spammers
"Pump-and-dump spam domains go silent after botnet closure"
Spammers register pump-and-dump spam domains for use in spam runs. These domains are commonly discarded after a few days. The tactic is commonplace but the arrest of alleged botmaster Jeanson James Ancheta, 20, of Downey, California, on 3 November has been accompanied by a radical shift in the landscape. "Up to recently, the graphs were all fairly smooth, with the stats showing that 12 days was about the maximum lifetime for this type of domain, while 30 per cent only lasted a day or under, and 10 per cent only lasted three hours or under," Shipp said. "This kind of activity just disappeared completely from the radar on 2 November."
Following up:
"Botnet Creator Pleads Guilty, Faces 25 Years"
Federal Bureau of Prisons Inmate Locator
California City Prison: "This medium security desert prison opened in 2000, and is a stunning sight, either by day when its monolithic forms stand out on the desert pavement like ancient Egyptian architecture, or by night when floodlights bathe the gleaming facility in an orange glow which can be seen from as much as 30 miles away."
Next spammer, please.
Nobody's pointed out the similarity to Shockwave Rider? The book that not only predicted worms to proliferate the internet, but that some hacker would write a worm to erase the other worms.
This guy is like a burglar who wipes his feet before breaking into your house. He is probably seriously separated from moral reality.
Who does number 2 work for?
I think we all know what happens in the long run to people who are soft on alternative lifestyles (being gay, using the Darwin kernel, not eating meat) -- that's right: aitch e double hockey sticks.
And everyone knows that AIDS is an alternative lifestyle virus, so I don't see how their smugness can last. Now that Microsoft is building condoms directly into the Vista user interface, everyone pious except Catholics can now breathe easy.
Also, I have it on good authority that evil thetans are harboured inside the brains of liberals, parasiting on the electromagnetic waves of anti-American thought.
It's about time someone ported Corewars to Windows!
Hmmm... Maybe I should write a trojan/virus that automatically installs AVG or some other anti-virus software on all the grandmother's machines out there.
Vigilante virii.
in my experience, Kaspersky Labs works almost amazingly better against viruses; at least, it has easily fixed computers where AVG couldn't even see a problem. I'm sorry, I know it'd be great to be all "yay AVG!" since it's free, but I've begrudgingly grown to respect Kaspersky. Of course, it's much much better than Norton as well, but that's pretty much for granted.
(Reminds me of a funny story, though. My friend's computer was acting up, in some very odd and rather annoying ways. I tsk-tsked him, implying that he probably caught himself some kind of infection. He went "no, no, this legit copy of Norton I have would have seen it." I took his hard drive out, threw it in my machine, and Kaspersky Labs immediately started deleting. Once the massive infection (mainly of worms) was gone, we put it back in his box, and his Win2k install ran with significantly less hassle; all those mysterious problems were gone, how about that. Norton, throughout all of this, just smiled into space like an idiot. And don't get me started on McAfee!)
Kaspersky is also quite configurable for ignoring certain files, and has a rather robust system for doing so; I find it handy myself, considering that I have quite a few programs that have the kinds of engines in them that might be detected heuristically by Kaspersky as being virus-y, for lack of a better term (for example, the SMTP engine in anonymail is the kind of setup that a worm might use for using a computer to randomly mail copies of itself around). So if this piece of kinda-mal-ware is to survive its own medicine, that sort of functionality is rather useful (I haven't used AVG for about a year now, but when I last used it I remember a lack of that kind of breadth of deliberate "leave such-and-such alone").
You're right though, that adding copyright infringement on top of this is a bit of an issue, but under the circumstances it's an issue of contempt for the end-user anyways. Not saying whether that's justified or not, just that it's deliberately out of the control of whomever owns the infected computer, so it's not like *they'd* be liable anyways . . .
Actually, hey, maybe the creator really likes AVG and doesn't want to give it bad press? There's quite a few possible reasons for this choice, thinking about it.
I remember sigs. Oh, a simpler time!
Have it listen for scans too, and only send them itself if it doesn't hear any other copies doing so?
This process gives new meaning and life to the old game "Core Wars," the one in which people wrote what were basically prototype viruses.
In fact, this has been done before.
Even if usually those antivirus cards were simple cards with BIOS updates protecting the boot sector, and sometimes boot code to perform some scans before the OS kicks in. No CPU to take the load.
But this idea is also implemented in real hardware in some dedicated firewalls (that can unload the spam and virus filtering job from the main mail server).
Maybe this kind of job can be done with a special upgrade for the 'firewall/router-on-a-card' type of NICs like the EtherKiller. Does someone want to port clamscan to EK's embedded Linux?
...as there are countless examples of spyware companies suing or threatening to sue anti-spyware vendors.
It seems people in the malware biz know what the best AVs are then. I think we should all take a page from their book.