Malware Uses New Disguise to Attack
Malware writers are using malicious code dubbed HckPk to hide the true identity of their worms, making it easier for them to get past anti-virus tools.
HckPk is a family of encryption and packer tools, according to Sophos' findings. It had the most significant impact on computer users during February 2007, allowing more than 50% of the malware to circulate. For an evil bugger, HckPk is a handy program that has effectively masked big worms like Dorf, the worm that hit widely in January 2007.
They disguise their malware in a new way, said Graham Cluley, senior technology consultant with anti-virus vendor Sophos. Itnews.com.au published Cluley's statement on March 2, 2007. They fire their regular weapons but with a new coat of paint. Sophos had detected numerous new variants of the Dref and Dorf worms. They were all the same malicious code in various disguises, Cluley said.
According to analysts at Sophos, HckPk first emerged late last year. At that time they couldn't recognize the masking software. Until February 2007, they thought the same worm came in different versions.
Apart from hiding worms, HckPk constantly modifies its disguises to successfully dodge IT defenses.
Sophos' list of top ten malware threats last month placed HckPk as the most dangerous, with a 50.3% share in the World Worrisome Wibble. Netsky followed with a significantly lower 15.1% and Mytob with 12.5%.
Sophos' analysts estimated that HckPk accounted for over half of all malicious software during February 2007. According to Cluley, there were nearly 6,000 variations in disguises of the Dref and Dorf worms in January 2007 alone. When the famous Storm Worm hit the Internet, it morphed as many as 1,500 times, all in its first weekend, says Cluley.
Sophos' senior security consultant described HckPk as Mr. Potato Head because it disguises itself to fool anti-virus defenses into believing that the attachment is harmless, while it actually contains malicious code.
Users need to update their anti-virus protection so they can proactively identify previously unknown malware. Those failing to do so could soon find themselves in the long queue of victims.
» SPAMfighter News - 16-03-2007