When Malware Attacks Malware

PetManimal writes "Researchers say that the Storm Trojan/Peacomm worm has been tweaked to spread via IM programs and attack rival malware. Symantec sounded the alarm, and says that the exploit launches in AOL, Google Talk, and Yahoo Messenger windows that are already open, making it appear to be a legitimate message from a known user. The worm has modified the code from last year's Nuwar worm, and when activated, enables a DDoS attack against any site, including antispam services and servers supporting rival malware: 'Systems hijacked by Peacomm have also conducted DDoS attacks against at least five domains used by the creators of the noted Warezov (or Stration) worm. After a busy September and October, Warezov was credited by some analysts as the genesis of 2006's massive fourth-quarter spike in spam volume.'"

Stronger malware

[eviloverlordx]

It just means that, in a few years, all of the malware will be significantly harder to kill. All of the weaker 'species' will have been driven to extinction (via changes in coding). It had to happen eventually. We may even see 'anti-viral resistant' strains.

Re:Easy to kill

[maxwell+demon]

Given that today's ROMs are typically flash, how long until some malware just reflashes it? This would also allow the malware to take control even before the OS boots up.

Re:It begins

[AeroIllini]

That's an interesting analogy, and I agree that malware will get consistently more advanced, eventually creating mutatable (and thus evolvable) strains that will evade anti-malware programs without the intervention of the programmer.

However, there's a rather glaring flaw in the analogy, and it's this: in the biological world, the various bacteria that live in or on us do not have purpose. They are simply life forms, doing the things that life forms do (which is eat, shit, and make babies) in an environment that suits them. If they end up overrunning that environment and making us sick, it's not because they wanted to make us sick. If our bodies happen to be the perfect environment for them, and they happen to eat things in a way that is beneficial to us, it's not because they decided to help us out. They are just being bacteria. Symbiosis and infection are merely products of parallel evolution and happy coincidence.

In contrast, malware is written by people, and people do have motives for the things they do. Bacteria don't do this; they just do their thing with the eating and the shitting and the baby-making, and any macroscopic results are not due to the decisions of the bacteria.

Malware is written with purpose. That purpose could be to show the user ads, or participate in a botnet, or collect spammable email addresses, or whatever. But saying that anti-virus programs will ignore the "harmless" malware overlooks the fact that there is no harmless malware. There doesn't exist any malware that's going to go to the trouble of infecting your machine and propogating, and then not do anything. No one would program one. That means that all malware is either black hat (adware, botnet, spyware, etc.) or white hat (attacks other malware). Even if it's not using CPU resources, it is doing some other damage, such as annoying the user or enabling spam (in the case of black hat) or violating the freedom of a user to choose what software they have installed on their machine (in the case of white hat). Either way, all malware should be cleaned by anti-malware programs. In the world of software programmed by people, there's no such thing as harmless piggybacking.

****
Note: I am aware of the parallels of my argument with Intelligent Design. It was not my intent to start a flamewar.