Malware targets computer forensics tool
WinHex spell fails to take
Posted in Software & Security, 18th June 2007 14:53 GMT
Virus writers have created a proof-of-concept virus that targets a widely-used computer forensics tool.
Vred-A infects WinHex scripts, preventing these additions to forensics and data recovery tools from doing anything except infecting other scripts. The virus has not been seen in the wild, and probably never will be.
Only Inspector Clouseau-style levels of incompetency would permit a forensics examiner to infect a system he was working on with the virus. WinHex shows a warning before running any script, so the virus cannot spread without a user's consent.
Interest in the malware is confined to its curiosity value.
Proof-of-concept viruses can be thought of as attempts by malware authors to show off to their peers, or to experiment with what might be possible against their adversaries in the anti-virus community. New platforms, such as smart phones, PDAs, or specialist platforms, are the usual targets for attack.
Attempts to unpick computer security tools through this process are rare but not unprecedented. Last year, VXers created a proof-of-concept virus that targeted IDA (Interactive Disassembler Pro), a widely used tool that helps anti-virus researchers understand the behaviour of malware samples. ®