Security

Malware starts using the mouse to hide itself

Submitted by Anonymous Coward
An anonymous reader writes "Security vendors have to analyze and detect millions of potential threats every year. However, you can’t analyze all potential threats by hand, so automated threat analysis systems are employed. These typically look at suspicious files in a virtual machine and test each one quickly to see if it poses a threat.

The malware developers know such systems exist and have therefore employed countermeasures to try and avoid detection. Symantec has discovered that some malware won’t start running unless it detects activity from the mouse. Why would malware writers do this? Mouse activity is done by a user, and in an automated threat analysis system a user isn’t present and therefore no mouse activity is required.

Some malware has also been found to go to sleep for several minutes and then wait several more minutes once active before infiltrating a system. The reason for this is a typical automated threat analysis system looks at individual files very quickly, so waiting to execute helps ensure the malware is on a real system and not a virtual test environment."

Link to Original Source
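
An added example, not part of the original submission or of Symantec's analysis: one way an automated analysis system could avoid clearing a sample that merely stayed quiet, by flagging traces that only slept or only waited on the mouse so they are re-run with a longer window or simulated input. The trace format, `Call`, `triage`, the 120-second window and the sample traces are assumptions made for this example; the API names are standard Win32 calls.

```python
from dataclasses import dataclass

WINDOW_S = 120.0               # assumed per-sample analysis budget (seconds)
WH_MOUSE, WH_MOUSE_LL = 7, 14  # Win32 hook ids for mouse events
# Calls treated as "the sample did something observable" (assumed list).
ACTIVITY = {"CreateFileW", "CreateProcessW", "RegSetValueExW", "connect"}

@dataclass
class Call:
    t: float      # seconds since the sample started
    api: str      # API name as logged by the (hypothetical) sandbox
    arg: int = 0  # Sleep: milliseconds; SetWindowsHookEx*: hook id

def waits_for_mouse(c):
    """True if the call installs a mouse hook or polls the cursor position."""
    if c.api.startswith("SetWindowsHookEx"):
        return c.arg in (WH_MOUSE, WH_MOUSE_LL)
    return c.api == "GetCursorPos"

def triage(trace, window=WINDOW_S):
    """Return the reasons a quiet sample should be re-run instead of cleared."""
    reasons = set()
    slept_s = sum(c.arg for c in trace if c.api == "Sleep") / 1000.0
    active = [c for c in trace if c.api in ACTIVITY]
    # Requested sleep covers the whole window and nothing else was observed.
    if slept_s >= window and not active:
        reasons.add("rerun-with-longer-window")
    # Mouse hook or poll with no observable activity after the first one.
    mouse = [c for c in trace if waits_for_mouse(c)]
    if mouse and not any(a.t > mouse[0].t for a in active):
        reasons.add("rerun-with-simulated-mouse")
    return reasons

# Constructed traces, not taken from any real sample.
SLEEPER = [Call(0.1, "Sleep", 300_000)]
MOUSE_GATED = [Call(0.2, "SetWindowsHookExA", WH_MOUSE_LL), Call(0.3, "GetMessageA")]
ORDINARY = [Call(0.1, "GetCursorPos"), Call(0.4, "CreateFileW"), Call(0.5, "Sleep", 50)]

if __name__ == "__main__":
    for name, tr in [("sleeper", SLEEPER), ("mouse", MOUSE_GATED), ("ordinary", ORDINARY)]:
        print(name, sorted(triage(tr)))
```

An empty result means the heuristics found no reason to distrust a clean verdict; a non-empty one only says the observation window did not cover what the sample was waiting for.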