Anti Virus Blog

Security researchers have warned that sudden impact viruses, such as the Slammer worm, which cause immediate widespread damage to IT systems are being superseded by slow-burning worms where the focus is on avoiding detection.

According to F-Secure, virus writers are putting more time into making their viruses stealthy in an attempt to sneak them past antivirus software. Malware authors, many of whom now use viruses as a way of making money, are regularly testing their viruses against antivirus packages, said Mikko Hyppönen, director of antivirus research for F-Secure.

“Because virus writers make money from viruses they can test them to a professional level,” said Hyppönen. “None of the existing antivirus programs will find these viruses. You can’t see anything in the registry, which makes them hard to detect. They try to hide their processes.”

Slammer managed to infect 90 percent of vulnerable hosts within 10 minutes of being released as it raced around the Web, disrupting IT networks worldwide. But because the worm caused such damage, most IT staff were quick to patch against it.

(more…)

For the fifth time in two months, security researchers have publicised a serious flaw in a widely used virus-scanning program.

The vulnerability affects McAfee’s Antivirus Library, a collection of common code shared among the security software company’s various virus scanners, including GroupShield for mail servers and VirusScan for PCs. An attacker could use the flaw to cause a vulnerable system to run a file instead of scanning it for malicious code.

While the company just learned of the issue recently, an update offered to corporate customers in November and consumers in December added security measures that fixed the problem.

“Once the update was released, all current subscribers got the fix,” said Marc Solomon, senior product manager for McAfee. “For anyone who is no longer a subscriber, this is a reminder to renew.”

(more…)

An increasing number of virus writers are using so-called ‘rootkit’ technology to create malware that is invisible to existing antivirus packages, IT security experts warned today.

Rootkits have been around in Unix systems for about 15 years, but the technology has only been in Windows systems recently, according to security firm F-Secure.

They allow hackers to hide spam servers, stolen media and illegal content on infected computers, and provide a backdoor that gives full administrator privileges to those who know how to access it.

“Windows rootkit is a stealth technique for hiding files. But does it at the kernel level, rather than at the application level,” explained Patrick Runald, senior technical consultant at F-Secure.

(more…)