How Viruses Evolve Into All-Purpose Malware

← Back to Stories (view on slashdot.org)

How Viruses Evolve Into All-Purpose Malware

Posted by timothy on Friday May 28, 2010 @02:55PM from the increments-of-evil dept.

KingofGnG writes "Computer threats are continuously evolving, and some malicious codes are a problem difficult to tackle because of their inherent complexity and an intelligent design capable of constantly putting under pressure security companies. A remarkable 'intelligent' threat is for instance Sality, the 'new generation' file virus that according to Symantec has practically turned into an 'all-in-one' malware incorporating botnet-like functionalities as well."

3 of 117 comments (clear)

Min score:

Reason:

Sort:

Virus? Malware? by virtualonliner · 2010-05-28 15:29 · Score: 5, Interesting

I think we are at a point where we cannot really distinguish between virus or spyware or scareware or whatever. Virus have already started doing what spyware doing a couple years ago. I mean, it sounds just pointless that we distinguish them. Bad program is a bad program. It does not matter what we call it. Guys at StopBadware came up with a good term a few years ago. It's a badware. It does not matter to the end user what it does!
Making stupid boxes... by blahplusplus · 2010-05-28 17:49 · Score: 5, Interesting

... It might be time for the OS to compartmentalize the browser to have the net enclosed from the main system within a virtual machine. This way even if the "computer" were infected by malware it would disappear whne the VM was closed down, also a whitelist of Executables on the host machine would go a long way to stopping malware and the permanent logging/monitoring of executables or dlls being loaded that are unrecognized so they can be analyzed.
Re:Software alone wont ever solve this problem. by Opportunist · 2010-05-28 18:44 · Score: 4, Interesting

Nope. Whitelisting would first of all require you to KNOW (not to assume, not to guesstimate, but to KNOW) that a given application is neither harmful (ok, that's doable to some degree, provided you invest the time, and hence money, into the whitelisting process) nor can be abused to be an infection vector. And the latter part is what makes the whole whitelisting pointless.
Would you whitelist Flash? Would you whitelist Adobe Acrobat Reader? Would you whitelist your web browser? Or your media player, your MP3 player, your word processor, your instant messenger? Of course, you would pretty much have to or your user would go ballistic on you. Is it an attack vector? Oh, one of them currently certainly is!
Whitelisting only solves the problem if you can ensure that the program you whitelist cannot be used as an attack vector. And you cannot do that unless you wrote the program yourself and thus know the way it handles user input. The moment a given program can open a file, a stream or a network connection, you open that program to user input. And that's the moment when security takes a cigarette break.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.