Worm Sleeps To Avoid Detection

Discussion in 'malware problems & news' started by NeonWizard, Jul 13, 2004.

Thread Status:
Not open for further replies.
  1. NeonWizard

    NeonWizard Registered Member

    Jan 17, 2004
    The latest mass-mailing worm, Atak, hides by going to sleep when it suspects that antivirus software is trying to detect it.

    Atak was first discovered Monday. Although antivirus companies do not expect it to cause much damage, they say it will be a nuisance because it can generate a large amount of spam.

    Graham Cluley, senior technology consultant for antivirus company Sophos, said authors of malicious software generally try to make the job of antivirus researchers as difficult as possible by adding confusing code and using evasion techniques.

    "Atak tries to tell when someone is stepping through the code to analyze whether it is a virus or not. Often, a virus will contain lots of code that is designed to make it more complicated for (antivirus) companies to write the detections," Cluley said.

    Mikko Hypponen, director of antivirus research at Finnish company F-Secure, said that although it is common practice for virus writers to protect their malware, this worm is exceptional.

    Read Article
Thread Status:
Not open for further replies.