New type of malware - fantasy or dark reality?

Discussion in 'malware problems & news' started by DeerSlayer, Mar 11, 2008.

Thread Status:
Not open for further replies.
  1. DeerSlayer

    DeerSlayer Registered Member

    Joined:
    Mar 11, 2008
    Posts:
    3
    Hi!
    A few days ago I spoke to a computer specialist. We discussed modern issues in antimalware protection and he told me something really surprising. He said that in the middle of 2007 a new revolutionary type of malware started being actively distributed. As he explained, these malwares divide themselves into a lot of small parts, each of which is randomly recorded on the HDD. They are not files or code added to other files. As I understood, they are like a collective mind - small parts are constructed into an active program in memory which performs its code.
    As he said, these small (or smallest) components of malicious code can't be detected by any antivirus. And since summer of 2007 antivirus technologies have become very unreliable (even not useless) against these threats.
    And since there aren't any technologies to protect from this new type of malware, antivirus companies don't make it public....

    So what do you think about all this? Seems rather weird to me. Can it be at least half true or is it just someone's fantasy? Hope it's the latter. -)
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    As with many such prognostications, this source conveniently omits detailing how such malware "is randomly recorded on HDD" in the first place. The reader is left to tremble at the thought of such dire consequences.

    However, if by malware he means executable code, then whether in bits and pieces, or as a composite, the preventative measures are the same, so nothing has changed in that respect.


    ----
    rich
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,
    He talks about Borg - and they have been defeated in The Best of Both Worlds, Part II, the first episode of Season IV, Star Trek TNG.
    Mrk
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Is this ShadowWalker?

    :eek: :eek:

    Pls tell him to give us a sample of it.
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Well, if I understand anything about computers by now, something has to be on the file system, or it is called from the boot. I mean, something has to pull those ghosts.. hehe
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You have to laugh, because otherwise you'll cry.
     
  7. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    This is just great! One more thing to lie awake at night worrying about. :D ;)
     
  8. DeerSlayer

    DeerSlayer Registered Member

    Joined:
    Mar 11, 2008
    Posts:
    3
    No, if all of you're not worried I won't do it either. Anyway, I'm sure that if something like that happened there would be some information about it. So let's consider it as fantasy ) Till we don't have some facts. )
     
  9. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    The story reminded me of the original Star Trek episode that involved Capt. Kirk and his brother's family. A creature (looks like a plastic blob) would attack people's nervous system and force them to follow commands. Each blob was apparently part of one being who disseminated himself across the universe.

    If this were the case of a massive distribution across all HDD across the world, then unless you allow one person to take over all computers worldwide, you can always execute a massive reformat and force everyone to start watching more TV and read more newspapers. :p :rolleyes:
     
  10. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Can't HIPS take care of this?
     
  11. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Take care of what? A myth? I think that is up to posters here.
     
  12. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Perhaps by a computer specialist he meant a guy who learned to load Windows 98 on his PC, and now offers his services on evenings and weekends?

    By the original descriptions he seems to be providing a poor description of a zombie PC that is part of a large Bot network... I may be mistaken, but if it talks about something in the system as a singular distributed AI with interconnected intelligent behavior then forget it... in my opinion it's not currently possible. As a single process would have to act as the Master/control bot to direct the others to act in concert... Not very likely the other way around... Also the coding would be enormous, and resources required per process would render this task practically impossible to perform without being detected de facto. (for those perplexed)

    Also even when processes that must talk to each other which often takes place, they would have to do so via the internal resources of the system, i.e. through localhost (127.0.0.1), so a simple scan of internal system dialogs would quickly display all the internal chitchat and any alert user would detect this pronto.... Also since computers are sequential processors, meaning they can only have one thing with the same address, a process would require a unique id to be allowed a sequence and a priority, another means of identifying the rogue as the chitchat would have to be between controlled requests... No such thing as intelligent independent multi AI working together is currently possible outside of those rules... To put it simply, no processes can operate independently from the process handlers as resources must be allocated and sequenced...


    The only part that makes sense to me is that the "Dividing process" parts are a normal process of infection where some malware would create multiple "passive" copies of itself over a hard disk so that if a copy is found and deleted another or more still exist to load into live memory, then it propagates across multiple machines.

    Think of it in terms of replications, then propagation! simply a normal part of self defense for most malware, nothing unique or exceptional...

    On my Advanced Cyber Self Defense page I talk a bit about how viruses infect a system internally and what to look for... Perhaps it might help to reduce a bit of the anxiety.

    An example of internal chitchat between programs:
     

    Attached Files:

    Last edited: Mar 20, 2008
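
As an added illustration (not part of the original post and not the missing attachment), the Python sketch below pairs the two ends of each established loopback TCP connection in `netstat -ano`-style output to show which PIDs are talking to each other. The sample listing, the PIDs and the function names are constructed for the example; it covers loopback TCP only, so other inter-process channels such as named pipes or shared memory would not appear.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Windows `netstat -ano` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     1432
  TCP    127.0.0.1:1030         127.0.0.1:1029         ESTABLISHED     2210
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       988
  TCP    192.168.1.5:1051       203.0.113.7:80         ESTABLISHED     1432
  TCP    127.0.0.1:1044         127.0.0.1:5152         ESTABLISHED     3016
  TCP    127.0.0.1:5152         127.0.0.1:1044         ESTABLISHED     988
  TCP    127.0.0.1:1077         127.0.0.1:1078         ESTABLISHED     640
"""

# proto, local ip:port, foreign ip:port, state, owning PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def is_loopback(ip):
    return ip.startswith("127.") or ip == "[::1]"


def loopback_conversations(netstat_text):
    """Return (paired, orphans).

    paired:  {(pid_a, pid_b): [(port_a, port_b), ...]} for connections whose
             two ends both appear in the listing.
    orphans: [(pid, local_port, remote_port)] where the other end is absent
             from the listing and deserves a second look.
    """
    owner = {}  # (local ip, local port, remote ip, remote port) -> PID
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        lip, lport, rip, rport, state, pid = m.groups()
        if state == "ESTABLISHED" and is_loopback(lip) and is_loopback(rip):
            owner[(lip, int(lport), rip, int(rport))] = int(pid)

    paired, orphans = defaultdict(list), []
    for (lip, lport, rip, rport), pid in sorted(owner.items()):
        peer = owner.get((rip, rport, lip, lport))
        if peer is None:
            orphans.append((pid, lport, rport))
        elif (lip, lport) < (rip, rport):  # report each connection once
            paired[tuple(sorted((pid, peer)))].append((lport, rport))
    return dict(paired), orphans
```
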