Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
Quis custodiet the custard?

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


               

sleep

The Sleepy Worm
 
(0)
  [vote for,
against]

Firstly, Im not advocating the development of this worm. Im just wondering when we are going to see one crop up, and what we can do to prevent it.

The news is flooded with virii and worms that can move about very quickly. They spread like wildfire, moving very quickly from host to host. Likewise, anti-virus companies are quick to spot it.

When will we see a 'sleepy' worm? One that infects your computer, then goes to sleep. Heres what I see happening. The worm infects you somehow (exploit, opening an exe, etc). It adds itself to one of the startup locations, and goes to sleep. Each time its executed, it waits checks to see if x amount of time has passed (one week, one day, one month, etc).

If its been 'sleeping' for an appropriate amount of time, it wakes up and does a scan of the computer for any antivirus programs. It does this only after the computer has been idle for an hour, so as not to attract attention. If the coast is clear, it spreads itself (however, email, exploit, etc) to a few more victims, then goes back into sleep mode.

Heres my question. How will Anti-Virus companies every detect this type of worm? It spreads too slow to ever get noticed, unless there is a fluke chance that someone is watching. Really, the big worms are only noticed because they spread so fast, or have a really heavy payload. What methods can we use to stop it?

BTW, this is my first Halfbakery post :)

excaliber, Feb 04 2004

[link]






       It's already there, your anti virus software just cannot detect it. Did you check your bank and credit card accounts recently?
kbecker, Feb 04 2004
  

       There was an old virus (I think it's been well disposed of, becuase I can't find any links) called Beethoven's Birthday which infected your computer and slept until Dec10. On Dec10 it would play Beethoven's 9th symphony and wipe your master boot record.
reap, Feb 04 2004
  

       Hm, there are a few problems with this. First of all, a lot of antivirus software notifies you when a program tries to access the system software. Second, if it relies on e-mail to propagate, it will be found quickly. If it relies on an exploit, there is a chance it might be fixed before the "activation" date.
rgovostes, Feb 04 2004
  

       Thats true. Didnt think of the exploit being fixed, and surely outgoing emails would be detected. But what if it took precautions to make sure it didnt send emails on systems being watched (with AV running)? A sort of 'noble' worm, where it will sacrifice itself for the rest of the breed.   

       I guess there really isnt anyway to detect it, just hope that you can find it when it trys to spread.   

       HB looks pretty neat. :)
excaliber, Feb 04 2004
  

       I am not going to claim to know anything about computers but couldn't someone make an anti-virus that checks if any files have been added to the computer that wern't approved by the user? They could do what some web-sites do and make you type in the letters in a picture to make it harder for the virus to get on the computer in the first place.   

       Or couldn't a scanner be put into computers that detect any program that does anything without the user telling you to, then notifies the user as to what the program does
keithbrunkala, Oct 17 2007
  

       Maybe the most successful virus is Windows - 90% of computers infected, and hosts actively seek and install new versions of the virus. It is malicious only occasionally, corrupting the odd file here and there. Perfect parasite.
MaxwellBuchanan, Oct 17 2007
  

       Alas, your first and last post. I belive this virus exists. Actually, newbies to the world of virus-making make these all the time. They get eradicated quite easily. In fact, even if some poser geek miraculously finds a way to get it around successfully, it might not even have any effect on the computer except for existing (forgetting to give it a purpose is typical of the dabblers). Sort of redundant, no?
Shadow Phoenix, Oct 17 2007
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle