
Posts Tagged ‘malware’

Thoughts on Ching Tim Meng’s HITB 2008 Presentation

Friday, November 7th, 2008

So the last lab session I attended during HITB was Ching Tim Meng’s presentation on malware detection and removal with antivirus.

VIRUS! DIE!

In his presentation, he claims that malware requires the stability of the system to survive, and defines malware as “software designed to infiltrate or damage a system without the owner’s informed consent”. He goes on to list types of malware, including trojan horses, viruses, worms, logic bombs, etc.

I feel that he made one big mistake in that assumption. Let’s take an example:

I’m sure everyone remembers this little dialog box here. The Blaster Worm certainly did not require the stability of the system to survive. In fact, making the system unstable and unusable after a minute (unless you typed shutdown -a) was its primary and only goal.

Witty Worm

Not too far back, in 2004, Witty was discovered. And yes, it destroys the system as well. In fact, it would corrupt the system to such an extent that, at one point, the worm itself would cease to exist.

I’m sure there is more malware like this out there that isn’t as well known, but that does, one way or another, infect and corrupt your system.

However, while his methods of removing malware are not always foolproof and his assumption isn’t exactly accurate either, I would say that his effort was commendable and his method was easy enough for most to understand.