A spate of minor Cabir variants has arisen in the past few weeks. Looks like it's up to G now.
Not really of much interest except that F-Secure now has a generic detection for Cabir. Considering that most "variants" are simply the Cabir worm with a few internal strings modified it is interesting that it has taken until now.
The size of detection databases has been a point of discussion on the Win32 side for some time. It is even more relevant with regard to the relatively limited resources of smartphones. As mentioned recently, types of detections can sometime be an indication of the limitations of a given scan engine. Six to seven independent detections for highly similar variants is a bit wasteful.
Unlike certain Win32 trojans and worms, the source code for Cabir has not been made available. Lacking source code but having a number of functional descriptions it is of note that no copycat/clones of Cabir have been released. The existing variants are minor "script kiddie" alterations. Essentially, the threat is minimal and could have been handled by a generic detection around the time of the C and D variants.
Subscribe to:
Post Comments (Atom)
Auto "Kill Switch", solving the wrong problem?
Consumer Watchdog, a consumer advocacy group, put out a report on the dangers of Internet connected cars. They received coverage on the nigh...
-
Consumer Watchdog, a consumer advocacy group, put out a report on the dangers of Internet connected cars. They received coverage on the nigh...
-
A number of factors drive malware on new platforms. The chance for pure discovery and experimentation, the desire to be the first, a need to...
No comments:
Post a Comment