New worms getting smarter in avoiding virus scanners.

A new Windows worm discovered on Monday called “Atak” tries to avoid anti-virus scanners by going to sleep if it thinks that it’s being scanned. On top of that it also appears that it may attack rival viruses.

‘Smart’ worm lies low to evade detection – ZDNet UK News

“It is standard for worms to have layers of encryption—or armouring—to keep out snoopers, but this goes way beyond that. It tries actively to detect if it is being analysed by antivirus research tools. If it thinks it is being analysed, it stops running and shuts down,” said Hyppönen.

Atak is not thought to be a serious threat, but because of recent detection and in-built protection, the worm’s full functionality has not yet been fully analysed. However, it is known that the worm contains text that seems to threaten other well-known worms and viruses, such as MyDoom, Bagle and Netsky.

Atak may not be much of a threat in and of itself, it’s thought that its primary purpose is spam relaying, but the fact that it’s introducing a new means of trying to avoid detection heralds the beginning of what will likely be a new trend. The people who write these things tend to adapt new techniques like this quickly so while this particular worm may be more of an irritation than a danger the same may not be true about the next one that uses this new sleeper technique. Keep those virus scanners updated folks.

1 thought on “New worms getting smarter in avoiding virus scanners.

  1. Hmm..with all of this crap going on, you would have thought by now someone would have just made a worm or virus that simply seeks out others of it’s kind to “kill” them just like an AV program is supposed to do. But then again, that would take away all of the profits from the AV companies smile

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.