halfbakery
Not so much a thought experiment as a single neuron misfire.
Firstly, I'm not advocating the development of this worm. I'm just wondering when we are going to see one crop up, and what we can do to prevent it.
The news is flooded with viruses and worms that can move about very quickly. They spread like wildfire, moving very quickly from host to host. Likewise, anti-virus companies are quick to spot it.
When will we see a 'sleepy' worm? One that infects your computer, then goes to sleep. Here's what I see happening. The worm infects you somehow (exploit, opening an exe, etc.). It adds itself to one of the startup locations, and goes to sleep. Each time it's executed, it checks to see if x amount of time has passed (one week, one day, one month, etc.).
If it's been 'sleeping' for an appropriate amount of time, it wakes up and does a scan of the computer for any antivirus programs. It does this only after the computer has been idle for an hour, so as not to attract attention. If the coast is clear, it spreads itself (however: email, exploit, etc.) to a few more victims, then goes back into sleep mode.
Here's my question. How will anti-virus companies ever detect this type of worm? It spreads too slow to ever get noticed, unless there is a fluke chance that someone is watching. Really, the big worms are only noticed because they spread so fast, or have a really heavy payload. What methods can we use to stop it?
BTW, this is my first Halfbakery post :)
It's already there, your anti virus software just cannot detect it. Did you check your bank and credit card accounts recently?
There was an old virus (I think it's been well disposed of, because I can't find any links) called Beethoven's Birthday which infected your computer and slept until Dec 10. On Dec 10 it would play Beethoven's 9th symphony and wipe your master boot record.
Hm, there are a few problems with this. First of all, a lot of antivirus software notifies you when a program tries to access the system software. Second, if it relies on e-mail to propagate, it will be found quickly. If it relies on an exploit, there is a chance it might be fixed before the "activation" date.
That's true. Didn't think of the exploit being fixed, and surely outgoing emails would be detected. But what if it took precautions to make sure it didn't send emails on systems being watched (with AV running)? A sort of 'noble' worm, where it will sacrifice itself for the rest of the breed.
I guess there really isn't any way to detect it, just hope that you can find it when it tries to spread.
I am not going to claim to know anything about computers, but couldn't someone make an anti-virus that checks if any files have been added to the computer that weren't approved by the user? They could do what some web-sites do and make you type in the letters in a picture to make it harder for the virus to get on the computer in the first place.
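The annotation above suggests flagging files that were added without the user's approval. Because the worm in the post adds itself to a startup location before it sleeps, that entry is on disk however long it stays dormant. This is an added example (not part of the original thread) that audits startup folders against a user-approved baseline; the directory, file names and baseline file are constructed for illustration, and registry or scheduled-task startup locations are outside what it covers.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(startup_dirs):
    """Map every file under the startup locations to its SHA-256 digest."""
    entries = {}
    for root in startup_dirs:
        for path in sorted(Path(root).rglob("*")):
            if path.is_file():
                entries[str(path)] = hashlib.sha256(path.read_bytes()).hexdigest()
    return entries


def unapproved(baseline, current):
    """Return entries the user never approved: new files and changed files."""
    findings = []
    for path, digest in sorted(current.items()):
        if path not in baseline:
            findings.append(("added", path))
        elif baseline[path] != digest:
            findings.append(("modified", path))
    return findings


def audit(baseline_file, startup_dirs):
    """Compare the startup locations against the approved baseline file."""
    baseline_path = Path(baseline_file)
    baseline = json.loads(baseline_path.read_text()) if baseline_path.exists() else {}
    return unapproved(baseline, snapshot(startup_dirs))


def demo():
    """Constructed sample: a temp directory stands in for a startup folder."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = Path(tmp, "startup")
        startup.mkdir()
        (startup / "updater.lnk").write_bytes(b"known good entry")
        baseline = Path(tmp, "baseline.json")
        baseline.write_text(json.dumps(snapshot([startup])))  # user approves this state
        (startup / "sleeper.exe").write_bytes(b"dormant, but already on disk")
        return [(kind, Path(p).name) for kind, p in audit(baseline, [startup])]


if __name__ == "__main__":
    print(demo())
```

The audit does not depend on the program doing anything noticeable: the unapproved entry is reported on the first run after it appears.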
Or couldn't a scanner be put into computers that detects any program that does anything without the user telling you to, then notifies the user as to what the program does?
Maybe the most successful virus is Windows - 90% of computers infected, and hosts actively seek and install new versions of the virus. It is malicious only occasionally, corrupting the odd file here and there. Perfect parasite.
Alas, your first and last post. I believe this virus exists. Actually, newbies to the world of virus-making make these all the time. They get eradicated quite easily. In fact, even if some poser geek miraculously finds a way to get it around successfully, it might not even have any effect on the computer except for existing (forgetting to give it a purpose is typical of the dabblers). Sort of redundant, no?