The Most Unique Viruses of 2012

Orome1 writes "PandaLabs outlined its picks for the most unique viruses of the past year. Rather than a ranking of the most widespread viruses, or those that have caused most infections, these viruses are ones that deserve mention for standing out from the more than 24 million new strains of malware that emerged."

Most Unique?

Shame on you Slashdot.

Re:Most Unique?

[JustOK]

Uniquest would have been better.

Re:Most Unique?

[flaming+error]

Indeed. And shame on Dice Holdings, Inc. Shame on DARPA. Shame on the whole internet.

And most of all, shame on PandaLabs. How could you.

Re:Most Unique?

[binarylarry]

Uniqueier

Re:Most Unique?

[Fluffeh]

Putting my grammar in my pocket for a moment, I got to admit that:

Ainslot.L: When it infects, the Ainslot.L bot scans computers and removes any other bots it finds.

Sort of passes as being pretty damned uniquest!

Re:Most Unique?

Uniquest would have been better.

Or many much most uniquest. Remember that North Uniquest is best Uniquest!

Re:Most Unique?

And shame on you most of all Flaming Error, this all your fault.

Re:Most Unique?

[JustOK]

How could uniquest be redundant?

Re:Most Unique?

[derGoldstein]

"Uniquest" would be the superlative, so it would be a higher level of "unique" than "Uniqueier".
In other words:
Uniquest > Uniqueier > unique
I'm not 100% sure where "most unique" should be placed, but I think it would be the equivalent of "Uniquest".

Remember, there used to be only one type of "infinity" in math. Now someone just has to properly define different levels of "uniqueness".
(yeah, I'm not sure if this is a joke post either)

Re:Most Unique?

"Uniquest" would be the superlative, so it would be a higher level of "unique" than "Uniqueier".

That's not how I remember it: Uniquest is a noun meaning a largely uneventful, yet expensive, life journey resulting ultimately in an attempt to convince others the quest had merit. Of said odysseys much prose is written. Once collected the verses sit in great libraries the size of small cities called universities, which are the quintessential starting point of uniquests -- the pair of terms are unique in language, each being recursively responsible for each the other's 'uni' prefix.

I'd tell tales of the "uniqueier", but Alas, the theory of quantum queerness singularities may be unsuitable for some readers.

Re:Most Unique?

[tinkerton]

Or uniquest is the quest for the most unique. Which is the theme of the article.

Re:Most Unique?

[Danathar]

My wife would agree. Every time she hears unique modified I have to deal with her ranting in the living room for 10 minutes. :(

Re:Most Unique?

[mcgrew]

Wouldn't a uniquest be a single quest you undertook alone?

Re:Most Unique?

Only clicked the link to check for this comment.

Was not disappointed.

Re:Most Unique?

[RightSaidFred99]

Grammar Nazi fail. Go look up "unique". Hint: "existing as the only one or as the sole example" is not the only one.

oh come on

[slashmydots]

Oh come on, where's the CD tray random timer open and closer from Lizard Works? Yeah it wasn't "made" in 2012 but it's still around and it's A LEGEND! lol.

Re:oh come on

[RedHackTea]

Just for fun. I don't know if this will compile (don't have a Windows machine near me at the moment).

#pragma comment(lib,"WINMM.LIB")
#include <windows.h>
#include <stdlib.h>
#include <time.h>

int main(int argc,char **argv) {
mciSendString("OPEN CDAUDIO",NULL,0,NULL);
for(srand(time(NULL));; Sleep(rand() % 600000)) {
mciSendString("SET CDAUDIO DOOR OPEN",NULL,0,NULL);
}
return 0;
}

Re:oh come on

[TheRealMindChild]

mciSendString is an enormously valuable and deprecated API call that ties right into the Windows video codec stack. It has its legacy back in the 16 bit era, but I can't think of a better high level video API that is so simple, yet powerful. The mess comes from the COM interface being exposed so casually

Re:oh come on

For anyone (not me) who has ever set their soda in front of their CD tray, this is a terrifying virus.

I've done terribly stupid things in the past, such as knocking orange juice into a shut-off computer. But, that wasn't the stupid part. The stupid part wasn't fully checking to see if orange juice got into the cabling for the hard drive before turning it on.

Re:oh come on

[jones_supa]

Seems to compile just fine.

1>------ Build started: Project: silly, Configuration: Debug Win32 ------
1> silly.c
1>silly.c(8): warning C4244: 'function' : conversion from 'time_t' to 'unsigned int', possible loss of data
1> silly.vcxproj -> silly.exe
========== Build: 1 succeeded, 0 failed, 0 up-to-date, 0 skipped ==========

Biology research skewing my perspective ...

[kwyjibo87]

At first, I was super excited by the headline and thought: "I hope they include these newly discovered python viruses!" Only to quickly realize the authors meant a different kind of Python...

Re:Biology research skewing my perspective ...

[TheLink]

I wonder how much Python malware there is... I suppose if OS X ever gets enough marketshare someone might start writing malware in Python. Or perl? TIMTOWTDI for malware might be interesting- polymorphic perl malware using LWP, curl to fetch new instructions/payloads. Could be crossplatform and work on Linux and Unix as well.

Re:Biology research skewing my perspective ...

[hairyfeet]

Well considering the how to write a Linux virus in 5 easy steps article uses Python and when I search for "Python malware" I get over 600,000 hits? There is probably plenty of Python malware already out there, it just doesn't get as much press as a Windows bug as it has a smaller target. But as long as there is the potential to make money on infected machines I'm sure that somebody will be targeting just about every combo of language and OS you can think of, no OS is immune to a targeted attack.

Now that said I have to deal with some customers that are...sigh...can you say "click happy" and clueless? So after many hours of trying various combos on test boxes here at the shop I have come up with what I call my "foolproof Windows for fools" that makes the machines as solid as tanks and cuts the living hell out of the risk of malware. basically short of them going "Why yes, please infect my machine" which sadly I have had to deal with at least once, well short of them going the extra mile to be super stupid you'll have a system that short of hardware failure won't be going anywhere. For those that want to know how, recipe is as follows:

1.-First make sure their software is all up to date and Windows is set to automatically download and install patches, otherwise they are likely to just ignore the patches and leave the machine vulnerable.

2.- Get a low rights mode browser with ABP, any Chromium based will do but I use Comodo Dragon as it has privalert which will block all the tracking crap and you can choose to use Comodo Secure DNS in the browser only, this helps to block a LOT of infected websites from loading in the first place.

3.- For an AV I recommend either Avast Free or Comodo IS, both have their pluses. Avast AV is a little more "chatty" about what its doing and I found some folks really like that, Comodo IS has built in sandboxing and is easy to configure for the actual user, so its really up to you as both are quite good at stopping malware.

4.- Install FileHippo Update Checker and have it set to run at startup, it only uses a couple hundred KB of memory and will tell them when their third party software is out of date as well as provide links to the software, this keeps them from downloading "flash updates" and other dubious software updates. if the Hippo doesn't say it needs updating then it don't need updating.

5.-Finally you need to have a hidden backup and restore partition, just in case they ever manage to figure a way to get infected or if a family member comes over and trashes things. I am testing Paragon Drive backup for this roll but since I haven't finished testing I'd have to go with Comodo Time Machine but be aware its no longer supported and I don't think its been tested with Windows 8. That said the nice thing here is you can lock a snapshot with everything set up and all the third party software loaded so you have your own "OEM restore partition" without the trialware crap and it can also create snapshots on a schedule and be accessed if the machine can't even boot to desktop by just pushing the Home key. this way if they manage to somehow seriously screw up the OS a single push of the Home key and 20 minutes later they are back up and running.

With these 5 little steps that takes less than an hour all told you will have a machine you can let the most clueless users get a hold of and not have to worry about them borking the system I have several "click happy" customers that have been on this system for over 2 years now and not a single bug, runs just as good as when I handed it to them. In fact I have only had to help one that has been on this system, she forgot to log off and her 16 year old niece got on after she left and did God knows what to the system so it wouldn't boot to desktop. 15 minu

WTF slashdot

It would be nice if, you know, the article said WHY they where unique...

real viruses

[vossman77]

I was disappointed to find out this was about computer viruses. Nothing in the description makes relevant to computers until the word malware.

The most unique biological viruses would be much cooler to look at than some stupid man-made computer virus.

Re:real viruses

[DavidClarkeHR]

I was disappointed to find out this was about computer viruses. Nothing in the description makes relevant to computers until the word malware.

The most unique biological viruses would be much cooler to look at than some stupid man-made computer virus.

... Then why are you on slashdot? You're essentially walking into a room of dwarves and proclaiming that it is a terrible place to discuss the 10 finest sparling ice-wines this side of faerun.

Re:real viruses

[toygeek]

I'd suggest that maybe you're new here, but I think your UID is lower than mine.

Re:real viruses

[pushing-robot]

I understand your point, but that is a rather misleading analogy, for Slashdot is widely known to be the best possible place to debate the 10 finest sparling ice-wines this side of faerun.

Re:real viruses

[the_B0fh]

What's a lower UID supposed to show?

Re:real viruses

[timeOday]

What's a lower UID supposed to show?

It really just depends. Too high, and you're a Johnny-come-lately with no sense of slashdot lore. Too low smacks of moderate-to-severe aspeger's and probable basement dwelling. Really, the ideal UID is a bit over half a million.

Re:real viruses

[gargleblast]

I was disappointed to find out this was about computer viruses.

That's nothing. I momentarily thought "Malware - now there's an apt metaphor for rogue DNA".

Re:real viruses

[adolf]

Everyone knows that all of the best Slashdot UIDs are less than 21055.

Re:real viruses

[RedHackTea]

I feel inferior.

Re:real viruses

[dbraden]

Really, the ideal UID is a bit over half a million.

What a coincidence!

Re:real viruses

[JonySuede]

I am 6 feet tall and I drink Aberlour cask strength scotch, not some sissies faerun'S iced wine, you insensitive bastardish canadian cloaud

Re:real viruses

[JonySuede]

you can be high and be a lazy i did not care until my thirties Jony

Re:real viruses

[Anonymous+Psychopath]

Everyone knows that all of the best Slashdot UIDs are less than 21055.

True dat.

Re:real viruses

What's a lower UID supposed to show?

It really just depends. Too high, and you're a Johnny-come-lately with no sense of slashdot lore. Too low smacks of moderate-to-severe aspeger's and probable basement dwelling. Really, the ideal UID is a bit over half a million.

If I subtracted half of my UIDs (randomly) from the other half (summed), would I come close? As much as I'd prefer to use those older UIDs to show my geek cred, they're also full of close minded, half-formed opinions that don't reflect several years of education in and out of the educational institutions.
 
Case in point: When I realize I've gone terribly wrong in my comments, I look back at the last few comments I've made in different articles. If they're mostly inflammatory, idiotic or simply racist, I figure it's time to abandon that identity. I could even go back to my 4 digit UID, but then I'd have to own up to some pretty infantile arguments, and I'd prefer to put my past behind me.

Re:real viruses

[shani]

Much less, I'd say.

Re:real viruses

[magic+maverick+]

Quite. This is my third or fourth /. id. I think the best thing to do would be to probably sign up with three or four all at once. And then when you get sick of one identity, you can discard it and you still have a similar level UID.

Or we could all just agree that the number after the name does not indicate anything more than that the account is a certain 'age'.

Re:real viruses

[knarf]

What's a lower UID supposed to show?

A smaller inhibition to giving up privacy and/or a larger urge to 'belong'? I only registered here when they started penalizing anonymous posters, until that time I was happy to discuss shop without having to show any ID.

Re:real viruses

[ShadowBlasko]

Well, I'll be damned. I'm finally prepared for something.

Re:real viruses

[sjames]

Some of you 5 digit newbs are OK, but it's really better to be in the low 4s.

Re:real viruses

[Misagon]

I agree with both shani's and vossman77's comments ...

Re:real viruses

[mcgrew]

The masthead doesn't say news for geeks, it says news for NERDS. There's nothing nerdier than science. Even though I was writing assembly thirty years ago I agree with the GP that the ten most unique* biological viruses would be far more interesting than the ten most unique pieces of malware.

You're at the wrong site, you need to be at that juvenile site geek.com if you don't want all that icky sciency junk.

* The title is brain-dead stupid. There is no such thing as "most unique".

Re:real viruses

[mcgrew]

Too low smacks of moderate-to-severe aspeger's and probable basement dwelling.

In my case, it's just a sign of old age. Now get off my lawn!

Re:real viruses

[AliasMarlowe]

Some of you 5 digit newbs are OK, but it's really better to be in the low 4s.

Hah! Some of us greybeards just stick a couple of short UIDs together. Mine is a 3-digit UID appended to a 4-digit UID, for the maximum of cachet...

Re:real viruses

[Trixter]

What's a lower UID supposed to show?

Penis size XOR FFFFFFFF

Re:real viruses

[lewiscr]

I think it indicates that somebody can discuss online, without tainting an identity so badly that it must be abandoned. Do you find yourself spouting inflammatory, idiotic, and racist arguments at your real-life neighbors, then decide it's time to move? My /. account is like a phone number, email address, or street address. I suppose it helps that I'm naturally a lurker.

Don't get me wrong, I've said some stupid shit.

New virus idea:

[u64]

As infected computers are often infected multiple times. Perhaps future viruses should
just wipe the drive and install a clean Linux, and then run their malware job from there.
Sure, it's more complicated but think of the rewards: better uptimes, faster performance,
and great protection from competing viruses.

(Hint: i'm being sarcastic, or cynical.)

Re:New virus idea:

Hint: you're being an asshole

Re:New virus idea:

ccccocccocccoccaine on prostitute ass ! 60,2% is a bit to strong Jony

What a weak list...

[iMouse]

No ZeroAccess?! I guess it could be argued that portions of ZeroAccess are/were designed with the BlackHole dev kit, but it blows my mind that something as sophisticated, stealth and widespread as ZeroAccess isn't on the list. The method of infection, its resilience/resistance to removal and use of the compromised workstation are pretty unique.

I'm pretty sure that a large chunk of the malware on this list did not have file infecting variants or true "viruses".

1 in 1000, 1 in 10000

Surely 1 in 10,000 is more unique than 1 in 1,000, and of a set of unique things the most unique one is the 1 in 1 million thing.

What I find most unique about your post, is that an A/C can have so much authority that wannabe grammar nazis are all lining up to back you up!

Re:1 in 1000, 1 in 10000

[zAPPzAPP]

With a uniqueness of zero for both, they are pretty much equally unique.

Re:I'd like to nominate iTunes on a Mac

Apple is evil and has been evil in various ways for much of its corporate existence. So why are you voluntarily running a computer with Apple software?

ainslot ftw

Ainslot just gave me inspiration to write a virus to remove all other viruses!

Re:I'd like to nominate iTunes on a Mac

[iMouse]

...uh. Not sure if sarcasm...

iTunes 11.0.1 on my iMac has "Hide iTunes" and "Hide Others" just like every other version of iTunes I've ever installed.

- Menu Bar
-- iTunes
--- Hide iTunes

I insert an audio CD or video DVD and I'm asked what I want to do with this disc...just like every other version of Mac OS X since who knows when. Have you looked at your settings here?

- System Preferences
-- CDs & DVDs
--- When you insert a music CD:
--- When you insert a video DVD:

Actually, iTunes on Mac OS X runs a hell of a lot better than it does on Windows. Kinda like how poorly Microsoft Office runs on the Mac compared to on Windows.

Re:I'd like to nominate iTunes on a Mac

[iMouse]

Just for good measure, I also threw in a CD that has a bunch of MP3s and MP4 video on it burned as a data disc. Mounted on the desktop...no iTunes, no prompt. Mounted just like any other data disc with data on it.

For a minute I thought you meant real viruses.

[John+Hasler]

There were some interesting ones.

Amusing self promotion in article.

[Riceballsan]

"DarkAngle: A fake antivirus that poses as Panda CloudAntivirus. It takes advantage of the renown of Panda Security's free cloud antivirus to infect as many computers as possible."

I hate to burst your bubble panda, but the average home user, IE the targets for these scams, haven't heard of your software. If I were to write a virus, with the goal of suckering the uneducated home user, my choices of mimicry would be: 1. Norton, 2. McAffee, 3. AVG, 4. webroot, 5. CCleaner, 6. Ad-Aware, 7. MSE/windows defender, 8. Malwarebytes, 9. Bitdefender, 10. Trend Micro.

This rating list has no impact on what is best, what AV's have the best or worse success rating, more what names I could imagine my less computer savy friends and family hearing, and thinking "I've heard of this product before, it's probably legitimate". Panda is a fairly decent product, but far from a household name among typical non-geeks.

Re:Amusing self promotion in article.

1. Norton

This brings up an interesting question. If you installed malware that was pretending to be Norton, how would you know?

Re:Amusing self promotion in article.

[fatphil]

I see someone's already addressed (1), so on to (2):

Pretending to be McAfee? Erm, you've posted to the wrong story!

Re:Amusing self promotion in article.

[Translation+Error]

Your computer will run better.

Re:Amusing self promotion in article.

[Riceballsan]

The malware writers use slightly more honest busyness practice. Oh and if it actually detects a virus other than tracking cookies, it's probably not really norton.

Re:I'd like to nominate iTunes on a Mac

[the_B0fh]

Why are you presenting facts as if it matters to these idiots?

They just want to wank off bitching about Apple. Let them.

Re:I'd like to nominate iTunes on a Mac

[zAPPzAPP]

A good virus knows how to hide.

Fake FBI warning virus

[DigiShaman]

My vote goes for the fake FBI warning screen that hijacks explorer.exe. It basically informs users that they have done something very illegal and must pay a "fine" to unlock the computer in the form of MoneyPak cards. Screenshot here (not my link, just found online as an example)

BTW, you can remove this SOB using a bootable Kaspersky Rescue Disk. It runs a form of Linux that will boot into an anti-virus desktop console. Assuming you have internet access, it will most likely contain NIC drivers to download the latest defs for you prior to the scan/removal process.

Good luck!

Re:Fake FBI warning virus

Mod up. It's not genius, it's not earth shattering, but it's so concise and easy to follow that any ape with a cerebellum can do it.

Re:Fake FBI warning virus

I think that's what they called the "police" virus (Only Panda could make up a name that stupid). Recently it also pretends to be from the DoJ.

I'm surprised ZeroAccess isn't on their list - probably because their technicians aren't good enough to pick up on it.

Re:Fake FBI warning virus

Removing the "Police Virus" is simple. Safe-mode, run Combofix, Gone! :)

Re:Fake FBI warning virus

[DigiShaman]

The version I removed couldn't be cleaned in Safe-Mode. It was well coded to prevent professional cleanup while in the OS. Looking through my IT support ticket history, I documented removing 31 instances of mxroh_v_mf.exe scattered throughout the drive all cross referenced. So if you missed just one, the registry would pull from another directory and re-enable with replication. This fucker had self preservation hard coded as its #1 priority!

Re:Fake FBI warning virus

[DigiShaman]

Forgot to mention. It went by the name of Trojan-Ransom.Win32.Blocker.aaah (Internet Crime Complaint Center scam) according to Kaspersky

Did anyone notice?

[drkstr1]

Did anyone else notice the stealthy advertisement in the list?

The Most Unique Virus of 2012? Windows 8.

The Most Unique Virus of 2012?
Windows 8, an unusable operating system by Microsoft.

Scientology?

Is PandaLabs related to Panda Antivirus, which is related to scientology?

The curious are wondering...

http://en.wikipedia.org/wiki/Mikel_Urizarbarrena

Astroturfing garbage

N/T

Re:Viruses?

Or should it be Virii?

Generally speaking, using "virii" repeatedly in a post is likely to be a successful troll. However, it isn't strong enough to stand alone, trolling wise.

Best of luck in your future trolling endeavors.

Uhoh!

[freaker_TuC]

Really, the ideal UID is a bit over half a million.

...I'm so screwed :)

viruses? or computer viruses

[PixetaledPikachu]

The word virus refers to biological viruses, not computer viruses

Re:viruses? or computer viruses

And the word computer refers to a person who does calculations, not one of these new-fangled electronic "computers".

Shame on you Slashdot?

ha, that day has long since past....

slashdot, news for idiot wannabe nerds and hackneyed interweb trolls...

ffs, i have seen the beginning of the end.

captcha = 'vagaries'

Pedant

Enough with the "most unique"! Its either unique or not, damnit!

Re:Viruses?

Sure. One can use words like "virii" and "boxen" if he really wants to appear like a dork.

More Biology

[m.shenhav]

I agree! Considering the impact that life science will have on the coming decades, I want to see more biology in Slashdot.

None of these as unique [sic] as the DIY virus

[cellocgw]

You old-timers remember, the email that went:
" Here's the DIY virus. All you have to do is 1) read this email, 2) send a copy to all your friends, 3) randomly delete files from the system directory"

So ... malware is biological now?

The masthead doesn't say news for geeks, it says news for NERDS. There's nothing nerdier than science. Even though I was writing assembly thirty years ago I agree with the GP that the ten most unique* biological viruses would be far more interesting than the ten most unique pieces of malware.

You're at the wrong site, you need to be at that juvenile site geek.com if you don't want all that icky sciency junk.

* The title is brain-dead stupid. There is no such thing as "most unique".

Huh. I didn't realize that malware was a biological term. Did you mix up that too?

An example of ..

[dgharmon]

An example of how not to mention Microsoft Windows in a discussion of malware ...