Bad weather in the channel: Storm Worm

Stormy weather for malware defenses
Robert Lemos, SecurityFocus 2007-03-05

When the Storm Worm swept through the Internet in mid-January, the program's writers took a brute force approach to evading antivirus defenses: They created a massive number of slightly different copies of the program and released them all at the same time.

On January 18, the day the misnamed program--a Trojan horse, not a worm--first appeared, more than 350 different variants were released, according to a report penned by security firm CommTouch Software. Four days later, the number of slightly-different versions jumped to more than 7,300. By the end of January, more than 54,000 variants had hit the Internet, the report (PDF) stated, each one spammed out by computers previously compromised by the program.

"Virus writers' goals have changed," Amir Lev, CEO of CommTouch, said in an e-mail interview with SecurityFocus. "They are doing 'good' business now. They do not focus on finding vulnerabilities in Microsoft and other products, they look for 'vulnerabilities' (in) the AV (antivirus) systems."

Full article at SecurityFocus

Comment: the issue of polymorphism in viruses and worms is nothing new...