Slashdot Mirror


How Viruses Evolve Into All-Purpose Malware

KingofGnG writes "Computer threats are continuously evolving, and some malicious codes are a problem difficult to tackle because of their inherent complexity and an intelligent design capable of constantly putting under pressure security companies. A remarkable 'intelligent' threat is for instance Sality, the 'new generation' file virus that according to Symantec has practically turned into an 'all-in-one' malware incorporating botnet-like functionalities as well."

8 of 117 comments

  1. You lost me... by Simulant · Score: 5, Insightful

    ... at "according to Symantec."

  2. Software alone won't ever solve this problem. by Mattpw · Score: 5, Insightful

    Call me defeatist, but I believe there is no way the whitehats can out-manoeuvre the blackhats with software-only solutions. The increasing complexity of modern systems ensures that the security holes will only grow, not diminish. But maybe the next software "update" will solve all our problems this time?... The only permanent solution I can see is mass deployment of airgapped two-factor tokens specifically for transaction authentication, not generic OTP, which the trojans are bypassing. This is the only security where I can guarantee what I am authenticating by looking at an airgapped device. I find it increasingly difficult to justify the performance loss of running anti-malware software for the ever-diminishing protection offered.

    1. Re:Software alone won't ever solve this problem. by Opportunist · Score: 5, Insightful

      Partly right.

      What we're essentially trying to do with malware is not unlike what some countries try to do to keep illegal immigrants out. They try to shut down the border. And you know how well THAT worked, right? It's like smashing all the windows in your home and then trying to keep the flies out.

      A "total" solution does not exist, and probably never will. Whitelisting, while it would be initially quite secure, won't solve it either. Why, you ask? Because then the malware will be included in "harmless" looking programs. You will get a program that actually does what it should and contains a nifty little payload. Or, if everything fails, we'll get to see an exploit or security weakness in a program sooner or later. What? Would be detected immediately? Oh yeah, right, and that's why no consoles have ever been hacked using save game exploits. And here even EVERYONE involved in the making of the hard- and the software had the interest to NOT allow something like that to happen.

      Back on topic. We're now at the point where the number of usable exploits is down to a handful, actually. There's a reason why malware creators are reaching for exploits in third party software already (btw, Adobe, get the f... off your rear and get your act together!), simply because the usable exploits in the system itself become too few and are fixed too quickly. Recently I've seen the first exploits for popular games. Script support and the general support of user created content really opens that Pandora's box. But they're still few and far between; almost all infections today happen with the consent and actual help of the user. It's social engineering, people! Not software engineering.

      The biggest security problem is not in the box on the floor. It's sitting right next to it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Software alone won't ever solve this problem. by Opportunist · Score: 4, Interesting

      Nope. Whitelisting would first of all require you to KNOW (not to assume, not to guesstimate, but to KNOW) that a given application is neither harmful (ok, that's doable to some degree, provided you invest the time, and hence money, into the whitelisting process) nor can be abused to be an infection vector. And the latter part is what makes the whole whitelisting pointless.

      Would you whitelist Flash? Would you whitelist Adobe Acrobat Reader? Would you whitelist your web browser? Or your media player, your MP3 player, your word processor, your instant messenger? Of course, you would pretty much have to or your user would go ballistic on you. Is it an attack vector? Oh, one of them currently certainly is!

      Whitelisting only solves the problem if you can ensure that the program you whitelist cannot be used as an attack vector. And you cannot do that unless you wrote the program yourself and thus know the way it handles user input. The moment a given program can open a file, a stream or a network connection, you open that program to user input. And that's the moment when security takes a cigarette break.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Virus? Malware? by virtualonliner · Score: 5, Interesting

    I think we are at a point where we cannot really distinguish between virus or spyware or scareware or whatever. Viruses have already started doing what spyware was doing a couple of years ago. I mean, it sounds just pointless that we distinguish them. A bad program is a bad program. It does not matter what we call it. Guys at StopBadware came up with a good term a few years ago. It's badware. It does not matter to the end user what it does!

  4. How is this evolution? by shikaisi · Score: 5, Insightful

    I know evolution is a much-abused word, but TFA itself states "some malicious codes are a problem difficult to tackle because of their inherent complexity and an intelligent design". Let's give the Intelligent Designer some credit, even when he's a malevolent one. This virus is not going to "evolve" into another form any time soon; it has simply been designed to make limited adaptations to local circumstances.

    --
    No left turn unstoned.
  5. Re:the benefits of open source... by pankajmay · Score: 5, Insightful

    Face it, thanks to Open Sores we all get to suffer more malware and more powerful malware. If even Microsoft with all their programmers has a hell of a time keeping up with patches and all of that, how are average users going to stand a chance? Tell me again why closed source is such a horrible thing??

    Because closed source is equivalent to the security-through-obscurity paradigm, which never works and, worse still, is illusory. You are only asking to live in your la-la land when the reality is different.
    Malicious people are going to develop such sophisticated attacks regardless of whether software is closed-source or open-source.

    Making such exploits open-source lets us know what sort of channels are exploited. This leads to a better understanding of the weaknesses in the underlying protocol. This is where you have improved software that won't fall down like a house of cards when kicked at the shins.

    With closed source -- you are trusting what? An obscure programmer who is under a deadline to push something out the door??

    You probably are not even aware of how many times Open Sourcing has saved your a$$. Just because you pretend the problem doesn't exist, does not mean that your ignorance is the truth.

  6. Making stupid boxes... by blahplusplus · Score: 5, Interesting

    ... It might be time for the OS to compartmentalize the browser, to have the net enclosed from the main system within a virtual machine. This way, even if the "computer" were infected by malware, it would disappear when the VM was closed down. A whitelist of executables on the host machine would also go a long way to stopping malware, as would permanent logging/monitoring of unrecognized executables or DLLs being loaded, so they can be analyzed.