Sober Worm Hides From AV Scanners
2005-05-11 11:09:00
One reason the Sober.p worm continues to spread is the way it hides from some anti-virus scanners, a Russian security firm said Wednesday.
Sober.p--also called Sober.s, Sober.o, and Sober.v by various anti-virus companies--includes a mechanism that prevents other programs from accessing its files, said Moscow-based Kaspersky Labs. That presents problems for some anti-virus software.
The tactic has been seen in previous Sobers, said Kaspersky, but it's been refined so that no applications, not even those running under a SYSTEM account, can access the worm's files.
"If something can't be scanned, then malicious code can't be detected," Kaspersky said in an online alert. "This rules out the chance of Sober being detected while running an on-demand scan."
Instead, the anti-virus software must have the means to detect Sober running in memory, then kill those processes.
"This is where some anti-virus programs are failing," added Kaspersky. "Either they don't have a memory scanner, or the scanner has limited functionality which isn't able to kill the processes."
Several anti-virus vendors have posted free detection and deletion tools, however, that are able to see through Sober's cloak of invisibility. Panda Software, for instance, offers QuickRemover.
Microsoft's Windows Malicious Software Removal Tool, which was updated Tuesday as part of the regular monthly security bulletin release, also sniffs out Sober.p.