Submission: New Trend: Plus-Sized Malware Used To Fool AV

chicksdaddy writes: "Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well.

After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that they’re seeing just the opposite: simple malware wrapped within obscenely large executables – in one case, over 200 megabytes, according to a post on the French-language support forum

According to Malekal, very large executables have been found in a string of recent infections reported to the site in recent days. The extra girth isn’t about added functionality, either. The 205 megabyte executable that was dropped would have zipped down to just 200K. So why go large? The current theory is that larger executables might be an effort to frustrate the real-time detection capabilities of modern AV clients, which grab new, suspicious files and send them (or a hash of the file) up to cloud-based servers that will generate a new signature for the malware. Alternatively, IT staff may submit suspicious files by e-mail to their antivirus provider’s lab. In both cases, very large executables might frustrate efforts to develop a signature and detect the new threat."
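A defender-side triage check for the pattern described in the submission, added here as an example and not part of the original post: it streams a file once, records its SHA-256 so a hash can still be submitted when the file itself is too big to upload, and flags files that are both oversized and almost entirely compressible. The `upload_limit` and `ratio_floor` thresholds, the function names and the zero-filled sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import zlib

CHUNK = 1 << 20  # read 1 MiB at a time so a 200 MB sample never sits in memory


def triage(path, upload_limit=32 * 1024 * 1024, ratio_floor=0.05):
    """Return size, SHA-256, compressed size and a padding verdict for one file.

    upload_limit and ratio_floor are assumed thresholds, not values from the post.
    """
    sha = hashlib.sha256()
    comp = zlib.compressobj(6)
    size = packed = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            size += len(chunk)
            sha.update(chunk)
            packed += len(comp.compress(chunk))
    packed += len(comp.flush())
    ratio = packed / size if size else 1.0
    return {
        "size": size,
        "sha256": sha.hexdigest(),
        "packed": packed,
        "ratio": ratio,
        "over_limit": size > upload_limit,
        # Oversized and almost entirely redundant: likely filler around a small payload.
        "padded": size > upload_limit and ratio < ratio_floor,
    }


def make_sample(payload_len, filler_len):
    """Build a constructed test file: random bytes followed by zero filler."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(os.urandom(payload_len))
        fh.write(b"\0" * filler_len)
    return path


if __name__ == "__main__":
    # Constructed samples, scaled down: 64 KiB + 8 MiB filler vs. 256 KiB of random data.
    for path in (make_sample(64 * 1024, 8 * 1024 * 1024), make_sample(256 * 1024, 0)):
        r = triage(path, upload_limit=4 * 1024 * 1024)
        print(r["size"], r["packed"], f"{r['ratio']:.4f}", r["padded"], r["sha256"][:16])
        os.remove(path)
```

A low ratio alone is not a verdict, since legitimate installers can also carry sparse sections; the flag is a prompt to submit the hash and a compressed copy rather than skip the file.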
