The Latest Computer Virus is So Smart That It Won’t Even Attack if It Detects Defenses

With the threat of viruses, malware, and hacking nearly as old as computers themselves, there's an ongoing arms race between those who would attack your computer and those who would help defend it.

As Ars Technica reports, one of the latest forms of malware is so sophisticated that it won't even attack if it detects certain types of defenses.

A couple days ago Ars reported on CryptoWall 2.0, a type of ransomware which apparently won't even attempt to compromise your computer if it detects certain apps:

The installation components of CryptoWall 2.0 are cloaked by multiple levels of encryption, with three distinct stages of installation each using a different encryption method to disguise the components installed. And like many modern pieces of malware, CryptoWall 2.0 has a virtual machine check in its code that disables the attack when the malware is installed within a virtual instance—in part to prevent security researchers from isolating and analyzing its behavior.

The VM checker code, in the first stage of CryptoWall’s dropper sequence, checks the system for running processes, searching for VMware and VirtualBox services or the Sandboxie application partitioning library. If the coast is clear, the code does some best practices-based memory handling to release memory used in the initial drop mode, then launches another dropper disguised as a Windows Explorer process.

If CryptoWall does gain control of your computer, it will hold your files hostage until a ransom is paid, usually in Bitcoins (hence the name ransomware).

This story came to my attention via Rich Adin's An American Editor blog. He'd been paying closer attention to this issue than I because in late 2013 he had been hit twice by ransomware after clicking links sent to him by idiot clients.

As a professional book editor, Rich sometimes doesn't have the luxury of simply ignoring links which aren't completely safe, not if he wants to do his job to the best of his abilities. And so he's had to take additional steps to protect himself, including installing utilities like Sandboxie.

So far I have been either lucky enough or paranoid enough (or both) to have avoided encountering any ransomware or permanently damaging malware, but I think I might follow Rich's lead and add another layer of security.

As the NYTimes reported recently, attacks by this ransomware are growing increasingly common, so if nothing else prevention is generally cheaper than the cure.

images by Robbert van der Steeg, eviltomthai

About Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader: "I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."
