Slashdot Mirror


Malware Evades Detection By Counting Word Documents (threatpost.com)

"Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher's test environment," reports Threatpost, the Kaspersky Lab security news service. Slashdot reader writes: Once a computer is compromised, the malware will count the number of Word documents stored on the local drive; if it's more than two, the malware executes. Otherwise, it figures it's landed in a virtual environment or is executing in a sandbox and stays dormant.

A typical test environment consists of a fresh Windows computer image loaded into a VM. The OS image usually lacks documents and other telltale signs of real world use [according to SentinelOne researcher Caleb Fenton]. If no Microsoft Word documents are found, the VBA macro's code execution terminates, shielding the malware from automated analysis and detection. Alternately, if more than two Word documents are found on the targeted system, the macro will download and install the malware payload.
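For analysts maintaining sandbox images, the check described above can be turned around into an audit of the image itself. This is an added example, not code from the article or from SentinelOne; the extension list, the function names and the sample profile layout are assumptions, and the "more than two" threshold is the one quoted in the summary.

```python
import os
import tempfile

# Assumption: extensions treated as "Word documents" for this audit.
WORD_EXTENSIONS = {".doc", ".docx", ".docm"}
# From the summary: the macro proceeds only if it finds more than two documents.
DORMANT_THRESHOLD = 2


def find_word_documents(root):
    """Walk an image or profile directory and return paths of Word documents."""
    found = []
    # onerror swallows unreadable directories so one ACL does not abort the audit.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.startswith("~$"):  # Office lock file, not a real document
                continue
            if os.path.splitext(name)[1].lower() in WORD_EXTENSIONS:
                found.append(os.path.join(dirpath, name))
    return sorted(found)


def audit_image(root, threshold=DORMANT_THRESHOLD):
    """Report whether the image holds enough documents to pass the count check."""
    docs = find_word_documents(root)
    return {
        "count": len(docs),
        "looks_lived_in": len(docs) > threshold,
        "documents": docs,
    }


def build_sample_profile(base, file_names):
    """Create a constructed user profile under base, for demonstration only."""
    docs_dir = os.path.join(base, "Users", "analyst", "Documents")
    os.makedirs(docs_dir)
    for name in file_names:
        with open(os.path.join(docs_dir, name), "wb") as fh:
            fh.write(b"constructed sample content")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as fresh, tempfile.TemporaryDirectory() as seeded:
        build_sample_profile(fresh, ["readme.txt"])
        build_sample_profile(seeded, ["budget.doc", "cv.docx", "minutes.docm"])
        for label, root in (("fresh image", fresh), ("seeded image", seeded)):
            result = audit_image(root)
            verdict = "ok" if result["looks_lived_in"] else "too clean, sample may stay dormant"
            print(f"{label}: {result['count']} Word documents -> {verdict}")
```

An image reported as too clean is one where a sample gated on document count would produce an empty analysis report rather than a clean verdict.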

2 of 70 comments

  1. Re:Stupid comments aside... by Potor · Score: 3, Interesting

    Viruses. In English, at least. In Latin, it would be vira. Third declination, not second.

    And while I can at least understand that people who don't understand Latin but somehow learned that -us becomes -i in plural (yes, if it's 2nd and masculine instead of neuter), where the fuck does that second "i" come from?

    Your answer is confusing, even though the result is correct.

    Morphologically speaking, "vira" would be the proper plural precisely because "virus" is a second (not third) declension neuter noun.

    Yet "virus", like "water", is uncountable, so this plural is unattested.

    But why do we always end up in this same Latin grammar and philology lesson?

  2. Re:I have an out of this world solution by flowsnake · Score: 4, Interesting

    It's an arms race. As the malware gets more sophisticated at evasion, the sandbox will be made smarter to counter this. Complexity and sophistication will increase. Eventually, they will get smart enough to pass the Turing Test in order to stay in the game.