
About the hazards of optimisation


Tuesday, May 23, 2017

Downloading large files and opening emails with bulky attachments not only takes a lot of time but also may freeze the application we're using at the time. And scanning a huge archive when a download is complete can result in a timeout, and then the download will have to be restarted.

However, most malicious programs are small, and if the Internet connection is slow, large files can be excluded from scanning.


Important! The statement above does not apply to viruses (a type of malware). Unlike Trojans, they can infect files of any size, even those smaller than the virus source file. But that’s a topic for another issue.

When users optimise their anti-virus software, they create opportunities for infections to sneak in!

The XXMM, ShadowWali and Wali malware strains hide their code in files whose size can vary between 50 MB and 200 MB (the file size is increased using nonsensical data). Meanwhile, the actual size of the malware hardly exceeds a few kilobytes.

Once the malware is installed in a system, it will inject its code into the explorer.exe (Windows Explorer) and lsass.exe (Local Security Authority Subsystem service) processes. The malware programs then download additional components, including the Mimikatz module, in order to steal credentials from the target computer and explore the local area network (LAN). The stolen information is used to navigate through the network and search for other important data.

http://www.securitylab.ru/news/486010.php

Dr.Web detects the malicious programs mentioned above as Trojan.MulDrop7.13789 and Trojan.DownLoader22.41336. Systems protected by Dr.Web won't be compromised by these malware programs unless users change the anti-virus’s settings so that they give attackers an opening.
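The size padding described above can be seen from a file's own headers. The following is an added triage example, not Dr.Web's code: it assumes the nonsensical data is appended after the last PE section (the page does not say where it sits), and `pe_overlay`, `padded_suspect`, `make_sample` and the 90% ratio are hypothetical names and values chosen here.

```python
import os, struct, tempfile

def pe_overlay(path):
    """Return (file_size, overlay_bytes); overlay = bytes past the last section's raw data."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        head = f.read(4096)  # assumes the PE headers fit in the first 4 KiB
    if len(head) < 64 or head[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew, = struct.unpack_from("<I", head, 0x3C)
    if head[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    n_sections, = struct.unpack_from("<H", head, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", head, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    end = 0
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", head, table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return size, max(0, size - end)

def padded_suspect(path, min_size=50 * 2**20, ratio=0.9):
    """Large file that is almost all overlay: a reason to scan it, not a verdict
    (signed files and installers also carry legitimate overlays)."""
    size, overlay = pe_overlay(path)
    return size >= min_size and overlay / size >= ratio

def make_sample(path, code_bytes, pad_bytes):
    """Constructed PE-shaped test file: inert filler bytes, not a working executable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # one section, no optional header
    sect = (b".text\0\0\0" + struct.pack("<IIII", code_bytes, 0x1000, code_bytes, 512)
            + b"\0" * 16)
    hdr = (dos + b"PE\0\0" + coff + sect).ljust(512, b"\0")
    with open(path, "wb") as f:
        f.write(hdr + b"\xAA" * code_bytes)
        f.truncate(512 + code_bytes + pad_bytes)  # zero filler stands in for the junk data

if __name__ == "__main__":
    fd, path = tempfile.mkstemp()
    os.close(fd)
    make_sample(path, 4096, 60 * 2**20)  # 4 KiB of content padded to about 60 MiB
    size, overlay = pe_overlay(path)
    print(f"{size} bytes on disk, {overlay} of them overlay, suspect={padded_suspect(path)}")
    os.remove(path)
```

A size-based exclusion would skip this sample even though its section data is only 4 KiB, which is why file size alone is a poor reason to skip a scan.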


The Anti-virus Times recommends

If your PC's hardware is powerful enough, do not disable scanning for large files.

The Win32.HLLW.Flame worm is considered the largest malware program. Because its size exceeds 6 megabytes, virus analysts have dubbed it a “Trojan elephant”. But it’s not the heavyweight champ. Written in Delphi, a Trojan.PWS.Banker strain occupies more than 15 megabytes. Its authors didn't bother with tricks like injecting malware code into browser processes, modifying web pages or intercepting traffic and directing users to bogus sites. Instead, they created a fake Microsoft Internet Explorer window with all the normal buttons, toolbars and menus in the hope that users won't notice it’s a fake. Another Trojan of Korean origin was written in Visual Basic and spread via torrent trackers in the guise of an AVI video file. And its size was… 650 MB!

http://holmogorov.ru/pub/113-luchshe-menshe-da-luchshe.html
