Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Malware starts using the mouse to hide itself

Anonymous Coward writes | about 2 years ago

Security 0

An anonymous reader writes "Security vendors have to analyze and detect millions of potential threats every year. However, you can’t analyze all potential threats by hand, so automated threat analysis systems are employed. These typically look at suspicious files in a virtual machine and test each one quickly to see if it poses a threat.

The malware developers know such systems exist and have therefore employed countermeasures to try and avoid detection. Symantec has discovered that some malware won’t start running unless it detects activity from the mouse. Why would malware writers do this? Mouse activity is done by a user, and in an automated threat analysis system a user isn’t present and therefore no mouse activity is required.

Some malware has also been found to go to sleep for several minutes and then wait several more minutes once active before infiltrating a system. The reason for this is a typical automated threat analysis system looks at individual files very quickly, so waiting to execute helps ensure the malware is on a real system and not a virtual test environment."

Link to Original Source

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?