Original URL: http://www.channelregister.co.uk/2007/06/18/winhex_virus/
Virus writers have created a proof-of-concept virus that targets a widely used computer forensics tool.
Vred-A (http://www.f-secure.com/v-descs/virus_wh_vred_a.shtml) infects WinHex scripts, preventing these additions to forensics and data recovery tools from doing anything except infecting other scripts. The virus has not been seen in the wild, and probably never will be.
Only Inspector Clouseau-style levels of incompetence would permit a forensics examiner to infect a system he was working on with the virus. WinHex shows a warning before running any script, so the virus cannot spread without a user's consent.
Interest in the malware is confined to its curiosity value.
Proof-of-concept viruses can be thought of as an attempt by malware authors to show off to their peers or experiment with what might be possible with their adversaries in the anti-virus community. New platforms, such as smartphones, PDAs, or specialist platforms, are the usual targets for attack.
Attempts to unpick computer security tools through this process are rare but not unprecedented. Last year, VXers created a proof-of-concept virus that targeted IDA (Interactive Disassembler Pro), a widely used tool that helps anti-virus researchers understand the behaviour of malware samples.