My line of work would occasionally involve computer security. Most of
the time, however, news about virus threats doesn’t interest me as much.
But not this one. This new breed of virus can evade anti-virus programs
by disassembling an executable and reassembling it with the program
pointers rearranged, effectively making itself (the virus) part of the
instruction flow in the executable and totally invisible to anti-virus
software that uses heuristic detection algorithms. Combine this with
worm-like spreading and destructive capabilities made possible by
security loopholes in Microsoft’s operating system, as witnessed in
recent outbreaks such as Code Red, and we have a really potent mix here.
The scary thing is that no known anti-virus mechanism out there is able
to detect such infections!
However, all is not lost yet. Technologies such as digital signatures
and fingerprinting, like those Microsoft implemented in their device
driver signing initiative, might provide a way to prevent such things
from happening (there is still no way out once something is infected,
though). But again, companies or even governments may be slow to adapt
and embrace such things, most likely because there’s no critical need
for them yet. Perhaps the threat of this virus is just the kick in the
butt needed to make people see the seriousness of what could be an
imminent, devastating threat to the computing world.
Detailed info on how the virus works is available
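
To make the fingerprinting idea above concrete, here is an added example (not from the original post or from any vendor's implementation): a manifest of SHA-256 fingerprints taken from known-clean files, authenticated so the manifest itself cannot be quietly rewritten. The check compares bytes, not behaviour, so it flags a file whose code has been rearranged even when nothing looks appended. Assumptions: the function names and sample byte strings are constructed for illustration, and an HMAC stands in for a real digital signature because the Python standard library has no asymmetric signing.

```python
import hashlib
import hmac
import json

def fingerprint(image: bytes) -> str:
    """SHA-256 fingerprint of an executable image."""
    return hashlib.sha256(image).hexdigest()

def _tag(entries: dict, key: bytes) -> str:
    # Canonical JSON so the same entries always produce the same tag.
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def sign_manifest(files: dict, key: bytes) -> dict:
    """Record fingerprints of known-clean files and authenticate the record."""
    entries = {name: fingerprint(data) for name, data in files.items()}
    return {"entries": entries, "tag": _tag(entries, key)}

def verify(files: dict, manifest: dict, key: bytes) -> dict:
    """Return {name: status}; raise if the manifest itself was altered."""
    if not hmac.compare_digest(_tag(manifest["entries"], key), manifest["tag"]):
        raise ValueError("manifest authentication failed")
    status = {}
    for name, data in files.items():
        known = manifest["entries"].get(name)
        if known is None:
            status[name] = "unknown"      # never fingerprinted: do not trust
        elif hmac.compare_digest(known, fingerprint(data)):
            status[name] = "ok"
        else:
            status[name] = "modified"     # any byte change, wherever it sits
    for name in manifest["entries"]:
        status.setdefault(name, "missing")
    return status

# Constructed sample data: short byte strings standing in for executables.
KEY = b"constructed-demo-key"
CLEAN = {"app.exe": b"\x55\x8b\xec\x83\xec\x10\xc9\xc3", "tool.exe": b"\x90\x90\xc3"}
MANIFEST = sign_manifest(CLEAN, KEY)

# The same files later: app.exe has extra bytes woven between its original
# ones, and a file that was never fingerprinted has appeared.
LATER = dict(CLEAN)
LATER["app.exe"] = b"\x55\x8b\xec\x90\x90\x83\xec\x10\xc9\xc3"
LATER["new.exe"] = b"\xc3"

if __name__ == "__main__":
    print(verify(LATER, MANIFEST, KEY))
```

The manifest is only as good as its baseline: it has to be built from files known to be clean, which matches the caveat above that this does not help once something is already infected.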