Worm Sleeps To Avoid Detection

[NeonWizard]

The latest mass-mailing worm, Atak, hides by going to sleep when it suspects that antivirus software is trying to detect it.

Atak was first discovered Monday. Although antivirus companies do not expect it to cause much damage, they say it will be a nuisance because it can generate a large amount of spam.

Graham Cluley, senior technology consultant for antivirus company Sophos, said authors of malicious software generally try to make the job of antivirus researchers as difficult as possible by adding confusing code and using evasion techniques.

"Atak tries to tell when someone is stepping through the code to analyze whether it is a virus or not. Often, a virus will contain lots of code that is designed to make it more complicated for (antivirus) companies to write the detections," Cluley said.

Mikko Hypponen, director of antivirus research at Finnish company F-Secure, said that although it is common practice for virus writers to protect their malware, this worm is exceptional.

Read Article

[hexadecimal]

very very interesting......viruses are some of the worst computer annoyances *along with all the bugs in M$*....personaly.....i think viruses are the closes things in our time to A.I. ...yes their is probably something closer in some military lab...but viruses show very logical behavior....their was a post about viruses coming alive....il get the thread here as soon as i find it...it talked about this.....


hex

[SexyBadGirl]

Maybe it's just a lazy virus ...

[Spyder32]

hexadecimal, I don't think a virus is close to A.I at all. A virus does merely what it's coded to do as a computer does what it is programmed and made to do (the OS, etc). Therefore it can't extend it's boundaries of code, no?

[cgkanchi]

Spyder32, ever heard of polymorphic viruses? They change their signature a little bit everytime they run, making it quite difficult for antivirus programs to detect them.

Cheers,
cgkanchi

[TheSpecialist]

Actually... once a worm has scanned a few wab, *.eml, *.htm, & other various documents/text files... or hell you could even check the clipboard for things. Anyways anyways... you'll want to look for .du .ru .com on the end of the addresses. You could make it change the language of the body & subject. You could make an entire array of phrases in those languages and produce random sentences like that.

All in all just check out the program known as Eliza... it does nothing but wait for input from the user and then ask a bunch of dumb questions that a therapist would normally ask along with the random but very occasional "Humm... I see" fallowed by another question. The big difference with mass mailers is the user isn't aware that information is being taken and stored in some place on their hard drive and is being used to contact other end users. Many if not most IRC worms could be compaired to very lame and watered down versions of AliceBot.

Agian the methods are just like some of the more older and redundant AI programs... you know, gain input from a user fallowed by an automated response. I mean really thats what AI currently is & has always been in many ways.

[hexadecimal]

exactly....yea some viruses do only what they are programed to do....but the newer viruses like cgjanchi said change every time they run....eventualy they will have more logic...will beable to decide what to infect where by deciding the better option in statistics....i think that A.I> is closer then we think......soon your computer will be asking you how your sleep was and so on
i personaly cant weight till the day i can have a very indepth convo wiht a computer.....smarter child not included...