VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Asmodeus takes a look into the crystal ball

Xine [5]

[Back to index] [Comments]

Recently we have seen a drastic change in virus coding and it will happen again. Almost every third virus released today have the abillity to propagate over email. Also the number of polymorphic viruses have increased. So what is the reason for this? The answer is pretty simple, as cutting edge virus technoology gets old it becomes some what of a standard. This due to the fact that there is a lot of information about the topic. Polymorphic engines are not very diffcult to code (depends on complexity) and there is a lot of good articles/tutorials out there describing the subject. This is not specific for viruses, it can be applied in all areas of research. Today all decent AV programs have the option to download updates from the internet and contains a more or less good emulation/heuristic engine. But what exacly can we expect from the future? The answer is MUCH! As the world get more and more globaly connected with more powerful communication devices the perfect spawning pool for viruses is created. The era of airborne viruses are here, the viruses that self-propagate over networks. I wrote an article a long time ago about network-aware viruses (titled Internet-aware viruses :) ), and my predictions came true, just some months after the release of the article melissa was released and the rest is history (hehe yet another korny line :)). Well you know what I mean, how many new worms/viruses out there doesn't use MAPI spread functions?

The average computer user is stupid and ignorant when it comes to security and viruses but sooner or later they will come to the conclusion that maybe they shouldn't open that attachment called README_____TXT.exe in their mailbox. This is when the use of buffer overflows will take place. Recently a buffer overflow was found in Microsoft's Outlook products. At the time this article was written it had not yet been exploited, but it is just a matter of time. But a security hole can be patched so those viruses exploiting the hole could cause explosive outbreaks but they will be short lived. Also insecure active-x controls and script bugs will be used to automate the spread over email. The user no longer needs to download/run the attachment, only login in to your mailbox will be sufficient to get infected. In some cases you might have to preview or read the email but the attachment obstacle have been surpassed.

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka