
Submission: New Trend: Plus-Sized Malware Used To Fool AV (securityledger.com)

chicksdaddy writes: "Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well.

After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that they’re seeing just the opposite: simple malware wrapped within obscenely large executables – in one case, over 200 megabytes, according to a post on the French-language support forum Malekal.com.

According to Malekal, very large executables have been found in a string of recent infections reported to the site in recent days. The extra girth isn’t about added functionality, either. The 205 megabyte executable that was dropped would have zipped down to just 200K. So why go large? The current theory is that larger executables might be an effort to frustrate the realtime detection capabilities of modern AV clients, which grab new, suspicious files and send them (or a hash of the file) up to cloud-based servers that will generate a new signature for the malware. Alternatively, IT staff may submit suspicious files by e-mail to their antivirus provider’s lab. In both cases, very large executables might frustrate efforts to develop a signature and detect the new threat."
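The submission's observation that a 205 megabyte dropper would zip down to about 200K suggests a simple triage check for defenders: flag executables that are both very large and almost entirely redundant. The sketch below is an added example, not code from the submission, Malekal or any AV vendor; the function names, the size and ratio thresholds, and the constructed sample (pseudo-random bytes followed by zero padding) are all assumptions for illustration.

```python
import hashlib
import io
import zlib

CHUNK = 1 << 20  # stream in 1 MiB pieces so a 200 MB sample never sits in memory

def compression_stats(stream):
    """Return (raw_bytes, deflated_bytes) for a binary file-like object."""
    comp = zlib.compressobj(6)
    raw = packed = 0
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        raw += len(chunk)
        packed += len(comp.compress(chunk))
    packed += len(comp.flush())
    return raw, packed

def triage(stream, min_size=50 * 1024 * 1024, min_ratio=100.0):
    """Flag files that are both large and almost entirely redundant.
    Both thresholds are assumptions for illustration, not values from the post."""
    raw, packed = compression_stats(stream)
    ratio = raw / packed if packed else 0.0
    return {"size": raw, "compressed": packed, "ratio": ratio,
            "suspicious": raw >= min_size and ratio >= min_ratio}

def constructed_sample(payload_kib, pad_mib):
    """Constructed test input: pseudo-random 'code' followed by zero padding."""
    body = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(payload_kib * 32))  # 32 digests = 1 KiB
    return io.BytesIO(body + b"\x00" * (pad_mib * 1024 * 1024))

if __name__ == "__main__":
    # Smaller-than-real sizes keep the demo fast; min_size is lowered to match.
    for name, sample in (("padded", constructed_sample(64, 32)),
                         ("plain", constructed_sample(64, 0))):
        print(name, triage(sample, min_size=16 * 1024 * 1024))
```

A file flagged this way can be compressed before it is sent to a lab, which sidesteps the upload-size problem the submission describes.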
