Advertisement
Promo

Security threats Toolkit

New virus hides behind old technology

Robert Lemos, ZDNet News ZDNet.co.uk

Published: 06 Sep 2000 08:02 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A new virus from the Czech Republic has anti-virus software makers rushing to analyse the ability of so-called "files streams" to infect PCs.

File streams -- not to be confused with audio and video streaming à la RealNetworks -- break programs up into a main code segment, or stream, and several alternate ones. Used for sharing data between programs, Microsoft's Windows NT technology first debuted in the Windows NT file system, or NTFS, but is also present in Windows 2000.

Eugene Kaspersky, the head of the Russian anti-virus research company Kaspersky Lab and the first to spotlight the Stream virus, theorised that hiding malicious code in a file stream would make it harder to detect. "Certainly, this virus begins a new era in computer virus creation," Kaspersky said in a statement from Moscow. "The 'Stream Companion' technology the virus uses to plant itself into files makes its detection and disinfection extremely difficult to complete."

Most anti-virus scanners only scan the main stream of each program and could miss data hiding in an alternate data stream, Kaspersky said.

But others derided Kaspersky's announcement as thinly veiled hype. "They have not proven anything here except that they can write data to an alternate data stream," said Russ Cooper, editor of Windows NT security watcher NTBugtraq.com, who moderated a discussion of the possible dangers posed by alternate data streams in 1997. That discussion concluded there was very little danger posed by the exploitation of the file streams system.

"This is highly theoretical and not all that new," said Cooper, who pointed out that to infect a computer, the virus would have to infect the main stream of the program. That would make it visible to current anti-virus programs.

The virus, created by two writers using the names Benny/29A and Ratter, does little else except infect files and it doesn't do that very well either, said Patrick Martin, product manager for Symantec's anti-virus research labs. Users should not worry about the virus attacking their computers. "This is a proof of concept," he said. "This virus is not going anywhere. It is not in the wild."

Take me to the Virus Workshop

What do you think? Tell the Mailroom. And read what others have said.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
49 out of 121 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:











Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters