Antivirus vendor spreads more FEAR in order to drive more sales rather than offering free advice to keep people's systems safe.
Viruses are accidentally infecting worms on victims’ computers, creating super-powered strains of hybrid software nasties. The monster malware spreads quicker than before, screws up systems worse than ever, and exposes private data in a way not even envisioned by the original virus writers. A study by antivirus outfit …
“If you get one of these hybrids on your system, you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus,” said the man who claims it can all be prevented if everyone would only apply snake oil properly, which he coincidentally can let you have some of for a small consideration.
Malware sandwiches have been with us since the time of the Jerusalem virus (remember that one?).
Even more interesting (but similarly not new), some computer viruses can "mate" and exchange malicious code, resulting in new, previously unknown variants. Used to happen a lot in the MacOS (that was before Apple switched to a Linux variant for the OS of the Macs, for you youngsters out there) and the macro virus world.
But self-replicating malware (i.e., viruses) is mostly irrelevant nowadays. Most of the infections are caused by various kinds of Trojan horses (i.e., malware that does not replicate itself).
So, I'd classify this "news" item as "yet another AV company seeking attention".
MacOS X is many things, some good, some bad, but it is not a Linux variant.
((Check the history: it is derived via NeXTSTEP from CMU's Mach kernel, and this work pre-dates Linux by a few years. The other ingredients in the sauce are parts of FreeBSD and NetBSD.))
FAIL icon for you, then...
(The points made about malware itself are sound.)
hahaha, I remember the Amiga viruses... and these were MEN'S viruses, not these namby pamby information stealing bits of fluff the yung'uns of today complain about. These modern fandangled things are so busy trying to steal information that they forget to deliver trippy payload screens, randomly formatting every media unit they can find and still find time to insult you and the other virus writers.
sheesh... the youth of today...
The last virus infection, apart from the malware I deliberately infect VMs with, was the Saddam virus on my Amiga; now that was a proper man flu infection.
Yes you read right, I am being very smug indeed, I have not had a virus on any of my Windows or Linux boxes ever. I am very careful, although not being infallible I expect luck has a bit to do with it too.
Famous last words.... Perhaps my bank details are on their way to China or Russia now and my machine will fail to boot tomorrow 'cos the hard disk has been formatted. Good job I back up all my important and personal data in plain text to the cloud.
"BitDefender doesn't have historical data to go on."
"All of the malware hybrids analysed by BitDefender so far have been created accidentally."
"BitDefender carried out its study after finding a sample of the Rimecud worm that was infected by the Virtob file infector."
Erm, so BitDefender have made the "discovery" that viruses infect files and the separate discovery that (on an infected machine) some of those files will be other viruses or worms. Furthermore, they apparently *haven't* made the discovery that usually this is done on purpose. (Modern malware generally combines several different strategies to maximise the chances of success. Even in the popular press, virus descriptions generally make this point.)
So in the absence of any clue, or historical data, they are announcing that the sky is falling. Sheesh! Even by the standards of AV press releases, this one is pretty lame.
According to the linked post, hybrids have *different* signatures to their progenitors. So, suddenly, instead of N signatures, the database has to store N(N-1) signatures. And, presumably, the only way to calculate them is either to produce the hybrid in the lab or to locate it in the wild. So, even after a signature is released, there might be a window when no signature exists for viable hybrids.
And then, I suppose, there's a chance the hybrid can be infected by another piece of malware. How far will it go, O(N^3), O(N^4)? How big does the database have to become? How long does it take to produce all the signatures? There *is* a danger here. And I rely on the "snake oil" to protect my mom/girlfriend/kid from being infected. So let's hope virus writers don't start coding with this in mind, or what we call "malware" might become genes in the first piece of artificial life. But for the moment, I won't be losing any sleep.
I don't think it will take much more to detect a hybrid than to detect its component parts - it will still retain the characteristics of these. AIUI the threat is more about the increase of available infection vectors, which might allow an outbreak to spread faster and further.
"According to the linked post, hybrids have *different* signatures to their progenitors."
No, according to the blog post, a hypothetical situation may occur where AV software disinfects the latest infection, leaving the file with the previous infection(s), but due to a weakness in the disinfection process, the previous infections no longer have the original signature.
This is a) hypothetical only, b) more indicative of a flawed disinfection process than a new danger posed by malware hybrids, and c) not likely to produce an N(N-1) situation, because the signature modification happens in the disinfection process, not the infection process. So the more likely number of signatures required would be N(F), where F is the number of distinct (i.e., producing different artifacts) flawed disinfection routines. And the solution is to fix the disinfection routines.
Umm, this has been going on for a long time, but not put into these exact words... Most malware infections include a combination of rootkits, trojans, and other variants of malware by the time many users bring their systems to the shop. If they can get infected and not break the PC, then they technically work together. Much like sometimes you can have 2 antiviruses on a computer and have it not break Windows; you don't call that Mega-protection. The fact people are pointing out the fact malware can combine if they don't break each other seems kind of strange to me on an IT site. It would make some kind of sense on the mainstream media, because they are about 5-10 years behind reality when it comes to technology and science.
But don't listen to me, just a filthy peasant :P
I think it is extremely unlikely that successful hybrids will be created accidentally. This is not a large physically grounded system with high parallelism. Here, we have a few thousands computers in which "hybridized code" implies higher success at crashing & burning, not at hiding, surviving and infecting.
As to why anyone would develop such a thing knowingly ... beats me. Why not just pack everything into a known correct package?
An AV using heuristics should spot the first virus on the system and also the second. For the same reasons it would detect the hybrid too.
On an AV not using heuristics that looks for strings/identifiers, it should spot both individual viri. A hybrid of the two should still have the identifying marks of the second virus to infect the first, so would still be identifiable as long as the AV has the definition for it.
So the result is no different from having 2 different viri on your computer. They are not giving the other viri any extra features or spreading any of the code of each other. It is not parasitic in any way. It would have to be coded to be parasitic and use the code of another infection.
The only thing I can see is that one virus may stay hidden due to double encryption of a file by the second virus but this should be spotted at run time. In any case the AV should catch the first virus anyway.
Am I missing something?
Dunno, to be honest, since I don't write AV code. But I can speculate.
Heuristics are unreliable, so a system based on heuristics needs lots of ticks on its check-list before it dares to flag a program as a virus. Therefore, small changes in behaviour may well be enough to get past heuristics, unless the heuristics are cranked up to Total Paranoia mode, in which case the heuristics probably start flagging up the OS as a virus. (Guess: this is already happening and is the real reason behind the occasional tendency of some AV offerings to brick Windows systems.)
Signatures similarly can't afford to be too short, or else legitimate applications will, by chance, have the same sequence of instructions. Almost any modification, and that certainly includes patching by another virus, might be enough to invalidate signature-based checks, possibly even for both viruses.
On the other hand, this is not a new phenomenon. It has *always* been possible for one virus to infect another. Therefore, I think we already know how effective AV software will be, because it already *is* dealing with this problem.
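The two arguments above (the earlier reply's point that a botched disinfection of the second infection can leave the first one present but no longer matching its signature, and this post's point that modification by a second virus can defeat fixed signatures) as an added toy model in Python; it is not code from the thread or from any AV product, and every byte string, family name and key in it is constructed. It also shows the extra per-routine signature the earlier reply's N(F) estimate refers to.

```python
from typing import Dict, List

# Every byte string and key below is constructed for the toy; none comes from a real sample.
HOST = b"MZ-HOSTPROGRAM"                 # stand-in for a clean executable
BODY_A = b"<<WORM-A-BODY>>"              # the first infection's code (appending worm)
HDR_B = b"<<INFECTOR-B>>"                # the second infector's own code (prepending, encrypting)
KEY_B = 0x5A                             # key B XORs the original file with before prepending itself
WRONG_KEY = 0x3C                         # key a flawed cleaner wrongly assumes B used
SIGNATURES: Dict[str, bytes] = {"A": BODY_A, "B": HDR_B}   # one fixed byte run per family


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def scan(data: bytes) -> List[str]:
    """Names of the families whose fixed signature occurs anywhere in the file."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def infect_a(host: bytes) -> bytes:
    """Appending infector: the original file, then A's body glued on the end."""
    return host + BODY_A


def infect_b(file: bytes) -> bytes:
    """Prepending infector: B's code, the original file XOR-scrambled, then the key byte."""
    return HDR_B + xor_bytes(file, KEY_B) + bytes([KEY_B])


def disinfect_b(file: bytes) -> bytes:
    """Correct cleaner: drop B's code, read the stored key, unscramble what B hid."""
    return xor_bytes(file[len(HDR_B):-1], file[-1])


def disinfect_b_flawed(file: bytes) -> bytes:
    """Flawed cleaner: ignores the stored key and uses the one an older B variant used,
    so the hidden file comes back re-keyed (XOR KEY_B ^ WRONG_KEY) instead of restored."""
    return xor_bytes(file[len(HDR_B):-1], WRONG_KEY)


def demo() -> dict:
    hybrid = infect_b(infect_a(HOST))          # A first, then B lands on top of it
    good = disinfect_b(hybrid)
    bad = disinfect_b_flawed(hybrid)
    rekeyed_sig_a = xor_bytes(BODY_A, KEY_B ^ WRONG_KEY)   # the extra signature one flawed routine F forces
    return {
        "hybrid": scan(hybrid),                   # only B is visible; A sits under B's XOR layer
        "after_good_clean": scan(good),           # A reappears once B is properly removed
        "after_flawed_clean": scan(bad),          # neither signature matches, yet the file is not clean:
        "a_still_present": rekeyed_sig_a in bad,  # A's body is still there, just re-keyed
    }
```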
Computers riddled with multiple malware are probably already so compromised that there is nothing left to hack.
memo to BitDefender - viruses do not "accidentally" infect other files unless you are using the word "accidentally" in its little-known alternative meaning of "deliberately"
I was once a regular correspondent with George Smith of the Crypt Newsletter and Rob Rosenberger of Virus Myths. I picked up a pretty jaded attitude towards software security companies. Yes, they have a product and a need for it too, but they're strongly motivated to spread fear and misunderstanding.
The "goodtimes/badtimes" letter made me giggle like a lunatic. :)