Malware targets computer forensics tool
WinHex spell fails to take
Posted in Software & Security, 18th June 2007 14:53 GMT
Virus writers have created a proof-of-concept virus that targets a widely-used computer forensics tool.
Vred-A infects WinHex scripts, preventing these additions to forensics and data recovery tools from doing anything except infecting other scripts. The virus has not been seen in the wild, and probably never will be.
Only Inspector Clouseau-style levels of incompetency would permit a forensics examiner to infect a system he was working on with the virus. WinHex shows a warning before running any script, so the virus cannot spread without a user's consent.
Interest in the malware is confined to its curiosity value.
Proof-of-concept viruses can be thought of as an attempt by malware authors to show off to their peers or experiment with what might be possible with their adversaries in the anti-virus community. New platforms, such as smart phones, PDAs, or specialist platforms are the usual targets for attack.
Attempts to unpick computer security tools through this process are rare but not unprecedented. Last year, VXers created a proof-of-concept virus that targeted IDA (Interactive Disassembler Pro), a widely used tool that helps anti-virus researchers understand the behaviour of malware samples. ®