A new Windows worm discovered on Monday called “Atak” tries to avoid anti-virus scanners by going to sleep if it thinks that it’s being scanned. On top of that it also appears that it may attack rival viruses.
“It is standard for worms to have layers of encryption—or armouring—to keep out snoopers, but this goes way beyond that. It tries actively to detect if it is being analysed by antivirus research tools. If it thinks it is being analysed, it stops running and shuts down,” said Hyppönen.
Atak is not thought to be a serious threat, but because of recent detection and in-built protection, the worm’s full functionality has not yet been fully analysed. However, it is known that the worm contains text that seems to threaten other well-known worms and viruses, such as MyDoom, Bagle and Netsky.
Atak may not be much of a threat in and of itself, it’s thought that its primary purpose is spam relaying, but the fact that it’s introducing a new means of trying to avoid detection heralds the beginning of what will likely be a new trend. The people who write these things tend to adapt new techniques like this quickly so while this particular worm may be more of an irritation than a danger the same may not be true about the next one that uses this new sleeper technique. Keep those virus scanners updated folks.