The never-ending malware war is in large part an arms race between the online criminals and security companies. Today I heard from researchers about some of the latest weapons in the crooks' arsenal that allow them to hamper and evade their arch-enemies.
A few varieties of malicious software can actually take stock of their situation and detect when they are being run in a virtual environment, commonly used by security researchers to analyze malicious software. In those cases, some types will try to dodge pursuit by shutting down completely, sometimes self-destructing entirely.
A second approach is even sneakier. Some malware throws out counter-measures to lead its chaser down the wrong track: it will go through the steps of infection, but will purposely register itself within a different place in the operating system, for example, or try to attack Internet Explorer from a different angle.
Tim Eades of Sana Security says his company has just started seeing this type of malware within the last 30 days; Oliver Friedrichs at Symantec says he's seen it for a good while now, but that it may be becoming more common.
If these methods are able to slow down a researcher in his work to pick apart a malware sample, or evade detection by automated 'honeypot' tools that collect and attempt to identify malware online, that can translate into a longer lifespan for the malicious software.
And as Eades points out, the longer malware can stay alive, the more money its creator can make. Sana saw this behavior in two varieties of bot malware, which corral infected machines into versatile botnets that can be rented out by the hour for sending spam or launching denial-of-service attacks. Bots can also download a variety of other malware onto victim PCs, such as data-stealing keyloggers.
Friedrichs says these techniques may become more common as it becomes easier for threat authors to build this environmental awareness into their software. Some attack Web sites have the same intelligence, and will not launch an exploit against browsers that are running in a virtual environment.
In a recent article, Kaspersky analyst Alisa Shevchenko writes that she also expects to see more malware along these lines: "The use of technologies that detect debuggers, emulators and virtual machines as well as other environmental diagnostic technologies, is expected to develop in order to compensate for the mass transition of antivirus products to behavioral analysis."