New type of malware - fantasy or dark reality?

Hi!
A few days ago I spoke to a computer specialist. We discussed modern issues in antimalware protection and he told me something really surprising. He said that in the middle of 2007 a new revolutionary type of malware started being actively distributed. As he explained, these malwares devide themselves into a lot of small parts, each of them is randomly recorded on HDD. They are not files or code added to other files. As I understood they are like collective mind - small parts are constracted in active program in memory which performes its code.
As he said these small (or smallest) components of malicious code can't be detected by any antivirus. And since summer of 2007 antivirus technologies has become very unreliable (even not useless) against these threats.
And since there aren't any technologies to protect from this new type of malware, antivirus companies don't make it public....

So what do you think about all this? Seems rather wierd for me. Can it be at least half true or it's just someone's fantasy? Hope it's the latter. -)

 

As with many such prognostications, this source conveniently omits detailing how such malware "is randomly recorded on HDD" in the first place. The reader is left to tremble at the thought of such dire consequences.

However, if by malware he means executable code, then whether in bits and pieces, or as a composite, the preventative measures are the same, so nothing has changed in that respect.


----
rich

 

Hello,
He talks about Borg - and they have been defeated in The Best of Both Worlds, Part II, the first episode of Season IV, Star Trek TNG.
Mrk

 

Is this ShadowWalker?



Pls tel him to give us a sample of it.

 

Well, if i understand anything about computers by now, something has to be on the file system, or it is called from the boot. I mean, something has to pull those ghosts.. hehe

 

You have to laugh, because otherwise you'll cry.

 

This is just great! One more thing to lay awake at night worrying about.

 

No, if all of you're not worried I won't do it either. Anyway, I'm sure that if something like that happened there would be some information about it. So let's consider it as fantasy ) Till we don't have some facts. )

 

The story reminded me of the original Star Trek episode that involved Capt. Kirk and his brother's family. A creature (looks like a plastic blob) would attack people's nervous system and force them to follow commands. Each blob was apparently part of one being who disseminated himself across the universe.

If this were the case of a massive distribution across all HDD across the world, then unless you allow one person to take over all computers worldwide, you can always execute a massive reformat and force everyone to start watching more TV and read more newspapers.

 

Can't HIPS take care of this?

 

Take care of what? A myth? I think that is up to posters here.

 

Perhaps by a computer specialist he meant a guy who learned to load windows 98 on his pc, and now offers his services on evenings and weekends?

By the original descriptions he seems to be providing a poor description of a zombie PC part of a large Bot network... I may be mistaken but If it talks about something in the system as an singular distributed AI with interconnected intelligent behavior then forget it... in my opinion it's not currently possible. As a single process would have to act as the Master/control bot to direct the others to act in concert... Not very likely the other way around... Also the coding would be enormous, and resources required per process would render this task practically impossible to perform without being detected de facto. (for those perplexed)

Also even when processes that must talk to each other which often takes place, they would have to do so via the internal resources of the system ie through localhost (127.0.0.1) so a simple scan of internal system dialogs would quickly display all the internal chichat and any alert user would detect this pronto.... Also since computers are sequential processors meaning they can only have one thing with the same address a process would require a unique id to be allowed a sequence and a priority another means of identifying the rogue as the chichat would have to be between controlled requests... No such thing as intelligent independent multi AI working together is currently possible outside of those rules... To put it simply No processes can operate independently from the process handlers as resources must be allocated and sequenced...


The only part that makes sense to me is that the "Dividing process" parts are a normal process of infection where some malware would creates multiple "passive" copies of itself over a hard disk so that if a copy is found and deleted another or more still exist to load into live memory, then it propagates across multiple machines.

Think of it in terms of replications, then propagation! simply a normal part of self defense for most malware, nothing unique or exceptional...

On my Advanced Cyber Self Defense page I talk a bit about how viruses infect a system internally and what to look for... Perhaps it might help to reduce a bit of the anxiety.

An example of internal chichat between programs: