Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security

Security

Gattman - New Polymorphic Virus

The virus targets the Interactive Disassembler Pro utility

By Marius Oiaga, Technology News Editor

10th of July 2006, 14:26 GMT

Adjust text size:


Gattman is a new viral threat designed to spread within malware analysis labs by a new method of infection. A malicious piece of software that runs on the Windows platform, Gattman targets the utility
Interactive Disassembler Pro (IDA), an analysis tool implemented on a large scale by security developers.

"W32/GattMan-A will also attempt to locate the following utilities on the infected computer's hard drive: Exe32Packer, PePack, Spec, Upx and VGAlign. A message hidden inside the virus reads: [Gattaca] [Darkman/TKT] [Second Part To Hell/rRlf]," said Sophos.

The IDC is a reversing tool used to translate machine code into readable source code. When run on a computer, Gattman will scan for and infect the IDC files, and on execution of the compromised IDC files the virus will be executed. The IDC is a script programming language used to enhance the behavior of the IDA tool. Being a polymorphic virus and targeting file-morphing utilities, Sophos researchers have concluded that the average user is less exposed to such a threat as it seems that it focuses on security companies.

"Whereas analysts are usually very careful about exchanging EXE files, since so much malware spreads that way, it is often only in professionally-run and security-conscious malware labs that the same sort of precaution is taken with every type of file," said Paul Ducklin, Head of Technology, Asia Pacific, SophosLabs. "Presumably, the authors of Gattman were hoping to embarrass incautious researchers by spreading a virus using the very tools of their trade. Although just a proof-of-concept, and unlikely to spread except amongst researchers (or malware authors) who are both curious and careless, Gattman proves once again that malware authors are often willing to look for brand new avenues of infection. In this case the virus's creators appear to be doing it for kicks rather than financial reward."


Rating:
Good (3.1/5) 8 vote(s) so far    

Read by 1,836 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Windows Zombie Alert!

Kukudro-A Climbs Aggressively in the Malware Top

McAfee - 200.000 Virus Definitions

Kamasutra, The Sexiest Worm of 2006

Websense Googles for Malware

Sober-Z Dominates the First Half of 2006

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive