Slashdot: News for Nerds



New Trend: Plus-Sized Malware Used To Fool AV

chicksdaddy (814965) writes | about a year and a half ago


chicksdaddy writes "Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well.

After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that they’re seeing just the opposite: simple malware wrapped within obscenely large executables – in one case, over 200 megabytes, according to a post on the French-language support forum

According to Malekal, very large executables have been found in a string of recent infections reported to the site in recent days. The extra girth isn’t about added functionality, either. The 205 megabyte executable that was dropped would have zipped down to just 200K. So why go large? The current theory is that larger executables might be an effort to frustrate the realtime detection capabilities of modern AV clients, which grab new, suspicious files and send them (or a hash of the file) up to cloud-based servers that will generate a new signature for the malware. Alternatively, IT staff may submit suspicious files by e-mail to their antivirus provider’s lab. In both cases, very large executables might frustrate efforts to develop a signature and detect the new threat."
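A defender-side check for the padding described in the submission, as an added example that is not part of the original post or of any AV product: it hashes a sample in one streaming pass, so the hash can still be submitted when the file is too large to upload, and flags files that are both large and almost entirely compressible. The function names, the thresholds and the zero-byte filler in the constructed sample are assumptions made for illustration.

```python
import hashlib
import os
import zlib

CHUNK = 1 << 20  # read 1 MiB at a time so a 200 MB sample never sits in memory


def triage(path, min_size=50 * 1024 * 1024, min_ratio=100.0):
    """Stream a file once; return SHA-256, size, deflate ratio and a padding flag.

    min_size and min_ratio are assumed thresholds, not values from the article.
    """
    sha = hashlib.sha256()
    comp = zlib.compressobj(6)
    size = packed = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            sha.update(chunk)
            size += len(chunk)
            packed += len(comp.compress(chunk))
    packed += len(comp.flush())
    ratio = size / packed if packed else 0.0
    return {
        "sha256": sha.hexdigest(),
        "size": size,
        "ratio": ratio,
        # Large AND almost entirely compressible: bulk is filler, not code.
        "padded": size >= min_size and ratio >= min_ratio,
    }


def make_sample(path, payload_len, pad_len):
    """Constructed input: random bytes standing in for code, then zero filler."""
    with open(path, "wb") as fh:
        fh.write(os.urandom(payload_len))
        fh.write(b"\0" * pad_len)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "constructed_sample.bin")
        make_sample(sample, 16 * 1024, 16 * 1024 * 1024)
        # Threshold lowered to 1 MiB so the small constructed sample qualifies.
        print(triage(sample, min_size=1024 * 1024))
```

A high ratio alone is not a verdict, since installers and data-heavy programs can also compress well; the flag is a reason to route the hash and a compressed copy to analysis rather than skipping the file for size.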


1 comment

Ahhhh (1)

Big Hairy Ian (1155547) | about a year and a half ago | (#42689937)

Microsoft are writing Malware :)