
Why those different names?



Guest Øyvind Granberg
Posted

Hi...

 

Why do the different antivirus and malware software producers have

different names for the same virus, trojan horse and so on...?

 

When I am looking for a solution and go to Grisoft's webpages I cannot find

what I am looking for, even though I know for certain that the threat in

question is in their list. I have to resort to Google or the more

comprehensive lex at www.nai.com

 

Here is a list from www.nai.com showing the different names for the same

trojan:

http://vil.nai.com/vil/content/v_150513.htm

 

Why the different names?

Shouldn't it be a lot more efficient counter-malware-wise to operate with the

same naming policy?

 

--

 

Kind regards

Øyvind Granberg

 

tresfjording@live.no

www.tresfjording.com

Posted

Øyvind Granberg wrote:

> Hi...
>
> Why do the different antivirus and malware software producers have
> different names for the same virus, trojan horse and so on...?

 

(snippage)

 

That's just the way it is. There have been numerous attempts to create a

unified malware/virus identification database but all have failed. You'd

have to ask each one of the av companies why. There's really nothing more

to say about this.

 

Malke

--

MS-MVP

Elephant Boy Computers - Don't Panic!

FAQ - http://www.elephantboycomputers.com/#FAQ

Guest David H. Lipman
Posted

From: "Øyvind Granberg" <tresfjording@live.no>

 

| Hi...

 

| Why do the different antivirus and malware software producers have

| different names for the same virus, trojan horse and so on...?

 

| When I am looking for a solution and go to Grisoft's webpages I cannot find

| what I am looking for, even though I know for certain that the threat in

| question is in their list. I have to resort to Google or the more

| comprehensive lex at www.nai.com

 

| Here is a list from www.nai.com showing the different names for the same

| trojan:

| http://vil.nai.com/vil/content/v_150513.htm

 

| Why the different names?

| Shouldn't it be a lot more efficient counter-malware-wise to operate with the

| same naming policy?

 

| --

 

| Kind regards

| Øyvind Granberg

 

| tresfjording@live.no

| www.tresfjording.com

 

 

 

That's a GOOD question !

 

There is no standardization between companies. At best there is a naming convention.

 

Take the Zlob. You may have several companies identifying a given infector as the Zlob

but at the same time show them with different variant names.

 

Additionally there may be a given infector where none will give it the same name. For

example the Blaster worm was called Lovsan by McAfee.

 

This is a problem that has plagued the AV industry from the beginning. To try to deal

with this problem, MITRE was contracted by the US CERT to come up with a common naming

convention for malware that was deemed to have infected numerous systems. This is the

MITRE Common Malware Enumerator (CME) list. MITRE will assign a CME number and provide a

cross-indexed listing. For example, MITRE assigned 711 to a given downloader trojan and

thus the name becomes, CME-711.

 

"CME-711 is a Trojan Downloader that is spread as an attachment to emails with news

headlines as the subject lines which downloads additional security threats,"

 

When this happens hopefully the AV company will append their name with !CME-711

 

http://cme.mitre.org/data/list.html

 

Unfortunately, I haven't seen MITRE keep up with the new threats so this has basically

failed.

 

This is a problem, I am afraid to see, will last.

 

However systems like Virus Total are helpful in that when you submit a malware sample you

can see who flags and what they flag it as and you can then, hopefully, use their

encyclopedia/dictionaries to see what the infector is and does.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
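The cross-indexing idea from the post above, as an added example (not part of the original thread, and not MITRE's or any vendor's code): join one sample's per-vendor labels on a `!CME-<n>` tag when one is present, and otherwise fall back to a vote over family-looking tokens. The vendor names, the labels in the sample reports and the `GENERIC` word list are constructed for illustration; only the Lovsan/Blaster alias, the Zlob family name and the `!CME-711` suffix come from the post.

```python
import re
from collections import Counter

# The "!CME-711" style suffix the post hopes vendors append to their own name.
CME_TAG = re.compile(r"!?CME-(\d+)", re.IGNORECASE)

# Platform/type words that say nothing about the family (assumed, not exhaustive).
GENERIC = {"win32", "win64", "trojan", "troj", "worm", "virus", "downloader",
           "backdoor", "generic", "agent", "adware", "spyware", "heur"}

# Alias taken from the post: Blaster was called Lovsan by McAfee.
ALIASES = {"lovsan": "blaster"}

# Constructed sample reports: vendor -> label, None = engine did not flag it.
REPORT_BLASTER = {"VendorA": "W32/Lovsan.worm.a", "VendorB": "W32.Blaster.Worm",
                  "VendorC": "Worm.Win32.Blaster.b", "VendorD": None}
REPORT_ZLOB = {"VendorA": "Trojan.Zlob.abc", "VendorB": "Troj/Zlob-XY",
               "VendorC": "Win32/Zlob.gen"}
REPORT_CME711 = {"VendorA": "Downloader.Exfam.a!CME-711",
                 "VendorB": "W32/Otherfam.gen!CME-711",
                 "VendorC": "Trojan.Thirdname.b", "VendorD": None}


def cme_id(label):
    """Return 'CME-<n>' if the label carries a CME tag, else None."""
    m = CME_TAG.search(label)
    return f"CME-{int(m.group(1))}" if m else None


def family_tokens(label, aliases):
    """Set of candidate family names in one vendor label, after alias mapping."""
    stripped = CME_TAG.sub("", label).lower()
    tokens = set()
    for tok in re.split(r"[^a-z0-9]+", stripped):
        # Heuristic: drop type/platform words, short variant suffixes
        # ('a', 'gen', 'w32') and pure numbers.
        if len(tok) < 4 or tok.isdigit() or tok in GENERIC:
            continue
        tokens.add(aliases.get(tok, tok))
    return tokens


def correlate(report, aliases=None, min_votes=2):
    """Cross-index one sample's labels: CME tag first, token vote second."""
    aliases = aliases or {}
    cme = {}            # CME id -> vendors that carried it
    votes = Counter()   # family token -> number of vendors using it
    for vendor, label in report.items():
        if not label:
            continue
        tag = cme_id(label)
        if tag:
            cme.setdefault(tag, []).append(vendor)
        votes.update(family_tokens(label, aliases))

    # A family wins only with enough agreeing vendors and no tie for first place.
    top = votes.most_common(2)
    family = None
    if top and top[0][1] >= min_votes and (len(top) == 1 or top[1][1] < top[0][1]):
        family = top[0][0]

    # A single agreed CME id is the stronger join key; conflicting ids are not trusted.
    key = next(iter(cme)) if len(cme) == 1 else family
    return {"key": key, "family": family, "cme": cme, "votes": dict(votes)}


if __name__ == "__main__":
    for name, rep in [("blaster", REPORT_BLASTER), ("zlob", REPORT_ZLOB),
                      ("cme711", REPORT_CME711)]:
        print(name, correlate(rep, ALIASES))
```

In the third report no two vendors share a family token, so the vote fails and the CME tag is the only thing that ties the labels together.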

Posted

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:ulFWEJAUJHA.6092@TK2MSFTNGP04.phx.gbl...
> From: "Øyvind Granberg" <tresfjording@live.no>
>
<snip>
>
> However systems like Virus Total are helpful in that when you submit a
> malware sample you
> can see who flags and what they flag it as and you can then, hopefully,
> use their
> encyclopedia/dictionaries to see what the infector is and does.
>
>

 

If I were a blackhat writing malware, once I had concocted a suitable

'draft', the first thing I would do would be to submit it to VirusTotal

for a check. If my new 'draft' was flagged, I'd simply re-write the code

until such time as it was NOT flagged by any of the sponsors of VirusTotal -

and only then release same into the wild.

 

Maybe some form of 'Registration' with operators like VirusTotal should be

invoked - in a, probably vain, attempt to restrict use to the good guys.

 

Any thoughts on this?

 

Dave

 

--

Guest David H. Lipman
Posted

From: "~BD~" <BoaterDave@hotmail.co.uk>

 

 

 

| If I were a blackhat writing malware, once I had concocted a suitable

| 'draft', the first thing I would do would be to submit it to VirusTotal

| for a check. If my new 'draft' was flagged, I'd simply re-write the code

| until such time as it was NOT flagged by any of the sponsors of VirusTotal -

| and only then release same into the wild.

 

| Maybe some form of 'Registration' with operators like VirusTotal should be

| invoked - in a, probably vain, attempt to restrict use to the good guys.

 

| Any thoughts on this?

 

| Dave

 

Yes, you have no idea what you are talking about.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Øyvind Granberg
Posted

I understand....

 

The problem for me as an ignorant victim of assorted virus attacks is that I

can have problems finding a cure.

 

 

--

 

Kind regards

Øyvind Granberg

 

tresfjording@live.no

www.tresfjording.com

 

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in news message:
ulFWEJAUJHA.6092@TK2MSFTNGP04.phx.gbl ...
> From: "Øyvind Granberg" <tresfjording@live.no>
>
snipped-------------

Guest David H. Lipman
Posted

From: "Øyvind Granberg" <tresfjording@live.no>

 

| I understand....

 

| The problem for me as an ignorant victim of assorted virus attacks is that I

| can have problems finding a cure.

 

 

| --

 

| Kind regards

| Øyvind Granberg

 

Yes.... { sigh }

It makes things very difficult indeed. Even for those of us dealing with malware at a

different level. It is rare when every vendor declares the same infector with the same

name. In short... PITA!

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Posted

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:exN0elCUJHA.5084@TK2MSFTNGP05.phx.gbl...

> From: "~BD~" <BoaterDave@hotmail.co.uk>

>

>

>

> | If I were a blackhat writing malware, once I had concocted a suitable

> | 'draft', the first thing I would do would be to submit it to

> VirusTotal

> | for a check. If my new 'draft' was flagged, I'd simply re-write the code

> | until such time as it was NOT flagged by any of the sponsors of

> VirusTotal -

> | and only then release same into the wild.

>

> | Maybe some form of 'Registration' with operators like VirusTotal should

> be

> | invoked - in a, probably vain, attempt to restrict use to the good guys.

>

> | Any thoughts on this?

>

> | Dave

>

> Yes, you have no idea what you are talking about.

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

>

 

Mr Lipman,

 

You say in this thread " Even for those of us dealing with malware at a

different level .... " - which, to me, implies that rather than simply being

another 'user' helping your peers, you are here on this newsgroup answering

questions in some kind of professional capacity. In other words, as part of

your job.

 

Is this indeed so?

 

If it is, for what kind of organisation do you work? (You've said before

that it isn't Microsoft - hopefully it is not Al-Qaeda).

 

You also say to me ".... no idea what you are talking about". Perhaps you

are right - so, explain to me exactly why the bad guys CANNOT use the

likes of VirusTotal to 'check' their work before releasing it onto the

Internet. I'd really appreciate it. Thanks.

 

Dave

 

--

Posted

~BD~ wrote:

> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

> news:exN0elCUJHA.5084@TK2MSFTNGP05.phx.gbl...

>> From: "~BD~" <BoaterDave@hotmail.co.uk>

>>

>>

>>

>> | If I were a blackhat writing malware, once I had concocted a suitable

>> | 'draft', the first thing I would do would be to submit it to

>> VirusTotal

>> | for a check. If my new 'draft' was flagged, I'd simply re-write the code

>> | until such time as it was NOT flagged by any of the sponsors of

>> VirusTotal -

>> | and only then release same into the wild.

>>

>> | Maybe some form of 'Registration' with operators like VirusTotal should

>> be

>> | invoked - in a, probably vain, attempt to restrict use to the good guys.

>>

>> | Any thoughts on this?

>>

>> | Dave

>>

>> Yes, you have no idea what you are talking about.

>>

>> --

>> Dave

>> http://www.claymania.com/removal-trojan-adware.html

>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>>

>>

>

> Mr Lipman,

>

> You say in this thread " Even for those of us dealing with malware at a

> different level .... " - which, to me, implies that rather than simply being

> another 'user' helping your peers, you are here on this newsgroup answering

> questions in some kind of professional capacity. In other words, as part of

> your job.

>

> Is this indeed so?

>

> If it is, for what kind of organisation do you work? (You've said before

> that it isn't Microsoft - hopefully it is not Al-Qaeda).

>

> You also say to me ".... no idea what you are talking about". Perhaps you

> are right - so, explain to me exactly why the bad guys CANNOT use the

> likes of VirusTotal to 'check' their work before releasing it onto the

> Internet. I'd really appreciate it. Thanks.

>

> Dave

>

 

 

Damn boy! You want to know an awful lot about a person's personal life.

 

Did it ever enter your small brain that, just maybe, some people who

post here have a real job in computer security, and that they come here

to help others in their spare time?

 

That would certainly place some at a different level - as compared to

you - who just comes here to be a pain in the ass!

Posted

"none" <""richard\"@(none)"> wrote in message

news:eMs1IZKUJHA.3492@TK2MSFTNGP03.phx.gbl...

> ~BD~ wrote:

>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

>> news:exN0elCUJHA.5084@TK2MSFTNGP05.phx.gbl...

>>> From: "~BD~" <BoaterDave@hotmail.co.uk>

>>>

>>>

>>>

>>> | If I were a blackhat writing malware, once I had concocted a suitable

>>> | 'draft', the first thing I would do would be to submit it to

>>> VirusTotal

>>> | for a check. If my new 'draft' was flagged, I'd simply re-write the

>>> code

>>> | until such time as it was NOT flagged by any of the sponsors of

>>> VirusTotal -

>>> | and only then release same into the wild.

>>>

>>> | Maybe some form of 'Registration' with operators like VirusTotal

>>> should be

>>> | invoked - in a, probably vain, attempt to restrict use to the good

>>> guys.

>>>

>>> | Any thoughts on this?

>>>

>>> | Dave

>>>

>>> Yes, you have no idea what you are talking about.

>>>

>>> --

>>> Dave

>>> http://www.claymania.com/removal-trojan-adware.html

>>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>>>

>>>

>>

>> Mr Lipman,

>>

>> You say in this thread " Even for those of us dealing with malware at a

>> different level .... " - which, to me, implies that rather than simply

>> being another 'user' helping your peers, you are here on this newsgroup

>> answering questions in some kind of professional capacity. In other

>> words, as part of your job.

>>

>> Is this indeed so?

>>

>> If it is, for what kind of organisation do you work? (You've said before

>> that it isn't Microsoft - hopefully it is not Al-Qaeda).

>>

>> You also say to me ".... no idea what you are talking about". Perhaps you

>> are right - so, explain to me exactly why the bad guys CANNOT use the

>> likes of VirusTotal to 'check' their work before releasing it onto the

>> Internet. I'd really appreciate it. Thanks.

>>

>> Dave

>>

>

>

> Damn boy! You want to know an awful lot about a person's personal life.

>

> Did it ever enter your small brain that, just maybe, some people who post

> here have a real job in computer security, and that they come here to help

> others in their spare time?

>

> That would certainly place some at a different level - as compared to

> you - who just comes here to be a pain in the ass!

 

--

 

 

I'd prefer you not to swear here, Richard - no matter how strongly you feel.

 

Richard Urban (now posting as 'none' - why, Richard?)

Microsoft MVP

Windows Desktop Experience

c-24-98-57-125.hsd1.ga.comcast.net

 

Dave

 

--

Posted

~BD~ wrote:

> "none" <""richard"@(none)"> wrote in message

> news:eMs1IZKUJHA.3492@TK2MSFTNGP03.phx.gbl...

>> ~BD~ wrote:

>>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

>>> news:exN0elCUJHA.5084@TK2MSFTNGP05.phx.gbl...

>>>> From: "~BD~" <BoaterDave@hotmail.co.uk>

>>>>

>>>>

>>>>

>>>> | If I were a blackhat writing malware, once I had concocted a suitable

>>>> | 'draft', the first thing I would do would be to submit it to

>>>> VirusTotal

>>>> | for a check. If my new 'draft' was flagged, I'd simply re-write the

>>>> code

>>>> | until such time as it was NOT flagged by any of the sponsors of

>>>> VirusTotal -

>>>> | and only then release same into the wild.

>>>>

>>>> | Maybe some form of 'Registration' with operators like VirusTotal

>>>> should be

>>>> | invoked - in a, probably vain, attempt to restrict use to the good

>>>> guys.

>>>>

>>>> | Any thoughts on this?

>>>>

>>>> | Dave

>>>>

>>>> Yes, you have no idea what you are talking about.

>>>>

>>>> --

>>>> Dave

>>>> http://www.claymania.com/removal-trojan-adware.html

>>>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>>>>

>>>>

>>> Mr Lipman,

>>>

>>> You say in this thread " Even for those of us dealing with malware at a

>>> different level .... " - which, to me, implies that rather than simply

>>> being another 'user' helping your peers, you are here on this newsgroup

>>> answering questions in some kind of professional capacity. In other

>>> words, as part of your job.

>>>

>>> Is this indeed so?

>>>

>>> If it is, for what kind of organisation do you work? (You've said before

>>> that it isn't Microsoft - hopefully it is not Al-Qaeda).

>>>

>>> You also say to me ".... no idea what you are talking about". Perhaps you

>>> are right - so, explain to me exactly why the bad guys CANNOT use the

>>> likes of VirusTotal to 'check' their work before releasing it onto the

>>> Internet. I'd really appreciate it. Thanks.

>>>

>>> Dave

>>>

>>

>> Damn boy! You want to know an awful lot about a person's personal life.

>>

>> Did it ever enter your small brain that, just maybe, some people who post

>> here have a real job in computer security, and that they come here to help

>> others in their spare time?

>>

>> That would certainly place some at a different level - as compared to

>> you - who just comes here to be a pain in the ass!

>

> --

>

>

> I'd prefer you not to swear here, Richard - no matter how strongly you feel.

>

> Richard Urban (now posting as 'none' - why, Richard?)

> Microsoft MVP

> Windows Desktop Experience

> c-24-98-57-125.hsd1.ga.comcast.net

>

> Dave

>

> --

>

>

 

Then go away - PLEASE!

Posted

"none" <""richard\"@(none)"> wrote in message

news:OddxPELUJHA.1172@TK2MSFTNGP03.phx.gbl...

> ~BD~ wrote:

>> "none" <""richard"@(none)"> wrote in message

>> news:eMs1IZKUJHA.3492@TK2MSFTNGP03.phx.gbl...

>>> ~BD~ wrote:

>>>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

>>>> news:exN0elCUJHA.5084@TK2MSFTNGP05.phx.gbl...

>>>>> From: "~BD~" <BoaterDave@hotmail.co.uk>

>>>>>

>>>>>

>>>>>

>>>>> | If I were a blackhat writing malware, once I had concocted a

>>>>> suitable

>>>>> | 'draft', the first thing I would do would be to submit it to

>>>>> VirusTotal

>>>>> | for a check. If my new 'draft' was flagged, I'd simply re-write the

>>>>> code

>>>>> | until such time as it was NOT flagged by any of the sponsors of

>>>>> VirusTotal -

>>>>> | and only then release same into the wild.

>>>>>

>>>>> | Maybe some form of 'Registration' with operators like VirusTotal

>>>>> should be

>>>>> | invoked - in a, probably vain, attempt to restrict use to the good

>>>>> guys.

>>>>>

>>>>> | Any thoughts on this?

>>>>>

>>>>> | Dave

>>>>>

>>>>> Yes, you have no idea what you are talking about.

>>>>>

>>>>> --

>>>>> Dave

>>>>> http://www.claymania.com/removal-trojan-adware.html

>>>>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>>>>>

>>>>>

>>>> Mr Lipman,

>>>>

>>>> You say in this thread " Even for those of us dealing with malware at a

>>>> different level .... " - which, to me, implies that rather than simply

>>>> being another 'user' helping your peers, you are here on this newsgroup

>>>> answering questions in some kind of professional capacity. In other

>>>> words, as part of your job.

>>>>

>>>> Is this indeed so?

>>>>

>>>> If it is, for what kind of organisation do you work? (You've said

>>>> before that it isn't Microsoft - hopefully it is not Al-Qaeda).

>>>>

>>>> You also say to me ".... no idea what you are talking about". Perhaps

>>>> you are right - so, explain to me exactly why the bad guys CANNOT use

>>>> the likes of VirusTotal to 'check' their work before releasing it onto

>>>> the Internet. I'd really appreciate it. Thanks.

>>>>

>>>> Dave

>>>>

>>>

>>> Damn boy! You want to know an awful lot about a person's personal life.

>>>

>>> Did it ever enter your small brain that, just maybe, some people who

>>> post here have a real job in computer security, and that they come here

>>> to help others in their spare time?

>>>

>>> That would certainly place some at a different level - as compared to

>>> you - who just comes here to be a pain in the ass!

>>

>> --

>>

>>

>> I'd prefer you not to swear here, Richard - no matter how strongly you

>> feel.

>>

>> Richard Urban (now posting as 'none' - why, Richard?)

>> Microsoft MVP

>> Windows Desktop Experience

>> c-24-98-57-125.hsd1.ga.comcast.net

>>

>> Dave

>>

>> --

>>

>>

>

> Then go away - PLEASE!

 

--

 

NO! :-)

 

--

Posted

On Thu, 27 Nov 2008 00:29:36 -0000, "~BD~" <BoaterDave@hotmail.co.uk>

wrote:

>
>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>news:ulFWEJAUJHA.6092@TK2MSFTNGP04.phx.gbl...
>> From: "Øyvind Granberg" <tresfjording@live.no>
>>
><snip>
>>
>> However systems like Virus Total are helpful in that when you submit a
>> malware sample you
>> can see who flags and what they flag it as and you can then, hopefully,
>> use their
>> encyclopedia/dictionaries to see what the infector is and does.
>>
>>
>
>If I were a blackhat writing malware, once I had concocted a suitable
>'draft', the first thing I would do would be to submit it to VirusTotal
>for a check. If my new 'draft' was flagged, I'd simply re-write the code
>until such time as it was NOT flagged by any of the sponsors of VirusTotal -
>and only then release same into the wild.
>

 

Some probably do. But they would be telegraphing their morphs to the very

systems from which they are trying to hide. Heuristic scanners look for

behaviors, op-codes and function calls or certain decompression and

self-decrypting files. It's futile to try to hide from a broad spectrum of

detectors all at once. The point is to exploit a vulnerability and disable

the detection on a specific class of target and not to slip past all

detectors all at once. Get in, get your malicious work done, don't care

what happens to your victim after that.

 

Nothing prevents a malware writer from testing his code against an isolated

machine running the A-V product he's trying to get past. He doesn't have to

do it online and he can do it at no cost without tipping off the

opposition.

>Maybe some form of 'Registration' with operators like VirusTotal should be
>invoked - in a, probably vain, attempt to restrict use to the good guys.
>

 

The goal of the site is to provide a wide spectrum detection service for

_regular_users_ to scan suspect files so they can identify the malware and

choose the proper removal method. Restriction is simply not feasible or a

reasonable goal. Opening it up to registration to keep "evil bad guys" out

is ridiculous. Prove you are who you say you are. Prove you are a "good

guy". Prove you are not a "bad guy". How will you do that online? Send a

scan of your driver's license, passport, social security card, national

health care ID and your address? Please.

Guest FromTheRafters
Posted

"Geoff" <geoff@invalid.invalid> wrote in message

news:tjoti4p8dn5fi0t5rckimeoriiasicqkkj@4ax.com...

> The point is to exploit a vulnerability

 

A virus doesn't need a vulnerability.

> and disable the detection on a specific class of target

 

One kind of virus does this, the computer retrovirus.

 

http://www.smartcomputing.com/editorial/di...pe=Encyclopedia

 

It was a relatively recent trend among worms too, but now hiding

from them via rootkit technology is becoming more popular. Why

use appkiller if you can stealth yourself?

> and not to slip past all detectors all at once.

 

Which in the earlier days of polymorphic viruses was exactly the point.

Detection came down to the ability to detect self-decryptors or to

emulate the target environment long enough and deep enough to get

the virus body to expose itself.

Posted

"Geoff" <geoff@invalid.invalid> wrote in message

news:tjoti4p8dn5fi0t5rckimeoriiasicqkkj@4ax.com...

> On Thu, 27 Nov 2008 00:29:36 -0000, "~BD~" <BoaterDave@hotmail.co.uk>

> wrote:

>
>>
>>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>>news:ulFWEJAUJHA.6092@TK2MSFTNGP04.phx.gbl...
>>> From: "Øyvind Granberg" <tresfjording@live.no>
>>>
>><snip>

>>>

>>> However systems like Virus Total are helpful in that when you submit a

>>> malware sample you

>>> can see who flags and what they flag it as and you can then, hopefully,

>>> use their

>>> encyclopedia/dictionaries to see what the infector is and does.

>>>

>>>

>>

>>If I were a blackhat writing malware, once I had concocted a suitable

>>'draft', the first thing I would do would be to submit it to VirusTotal

>>for a check. If my new 'draft' was flagged, I'd simply re-write the code

>>until such time as it was NOT flagged by any of the sponsors of

>>VirusTotal -

>>and only then release same into the wild.

>>

>

> Some probably do. But they would be telegraphing their morphs to the very

> systems from which they are trying to hide. Heuristic scanners look for

> behaviors, op-codes and function calls or certain decompression and

> self-decrypting files. It's futile to try to hide from a broad spectrum of

> detectors all at once. The point is to exploit a vulnerability and disable

> the detection on a specific class of target and not to slip past all

> detectors all at once. Get in, get your malicious work done, don't care

> what happens to your victim after that.

>

> Nothing prevents a malware writer from testing his code against an

> isolated

> machine running the A-V product he's trying to get past. He doesn't have

> to

> do it online and he can do it at no cost without tipping off the

> opposition.

>
>>Maybe some form of 'Registration' with operators like VirusTotal should be
>>invoked - in a, probably vain, attempt to restrict use to the good guys.
>>

>

> The goal of the site is to provide a wide spectrum detection service for

> _regular_users_ to scan suspect files so they can identify the malware and

> choose the proper removal method. Restriction is simply not feasible or a

> reasonable goal. Opening it up to registration to keep "evil bad guys" out

> is ridiculous. Prove you are who you say you are. Prove you are a "good

> guy". Prove you are not a "bad guy". How will you do that online? Send a

> scan of your driver's license, passport, social security card, national

> health care ID and your address? Please.

 

--

 

 

I appreciate your comments, Geoff.

Thank you for posting.

 

Dave

 

--

Posted

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

news:%235gNzjMUJHA.1360@TK2MSFTNGP05.phx.gbl...

>

> "Geoff" <geoff@invalid.invalid> wrote in message

> news:tjoti4p8dn5fi0t5rckimeoriiasicqkkj@4ax.com...

>
>> The point is to exploit a vulnerability

>

> A virus doesn't need a vulnerability.

>
>> and disable the detection on a specific class of target

>

> One kind of virus does this, the computer retrovirus.

>

> http://www.smartcomputing.com/editorial/di...pe=Encyclopedia

>

> It was a relatively recent trend among worms too, but now hiding

> from them via rootkit technology is becoming more popular. Why

> use appkiller if you can stealth yourself?

>
>> and not to slip past all detectors all at once.

>

> Which in the earlier days of polymorphic viruses was exactly the point.

> Detection came down to the ability to detect self-decryptors or to

> emulate the target environment long enough and deep enough to get

> the virus body to expose itself.

>

--

 

 

My understanding is that some malware, if already resident in a machine can,

and will, render an 'anti-malware' facility useless, even as that facility

is first being loaded onto the computer. The user thereafter has a false

sense of security - being totally unaware that there may be a 'gremlin'

lurking within their machine.

 

Your post appears to confirm this FTR - thank you.

 

Dave

 

--
