Fushigi
Storage Is My Life
Most modern malware writes itself as different random names. Sometimes as names that sound like Windows components, sometimes just random characters. It's one way they try to deflect scanners from finding them. Another way is to use polymorphic code - code that re-writes portions of itself with every machine it gets on. This makes file checksums useless from a scanning POV. The best bet against polymorphic code is a "deep scan" where each file's code is run through a heuristics engine.
So whatever random file you found .. you can submit that to any of the major AV vendors and most products will gain protection within a few hours. They share research believe it or not. I was recently at a McAfee customer presentation (my employer uses VirusScan Enterprise and some other McAfee stuff) where the head of their AVERT labs - the research division - gave a talk. On the subject of sharing, each company used to keep their research to themselves but eventually realized that they needed to share for the greater good of the computing community.
BTW one of the cool things McAfee is doing is using cloud computing to aid in the malware fight. For instance, if the feature is enabled and their AV/AS on a customer's desktop detects something that it thinks is bad but it has no active detection for it (signature, heuristic match, etc.), it can send the suspect file into the cloud and McAfee's Artemis AI engine will examine it and render a verdict & basic detection code in less than 10ms. The result is pushed back not only to that client machine but to all clients, resulting in immediate protection, globally. These checks are usually MD5 hashes, which aren't perfect. But they work for the moment. Then, the researchers can write better detections and roll those out in future updates (replacing the MD5 with the new algorithm). Typically, since attacks frequently use common code, thousands of MD5s will be replaced by a single algorithm which helps keep signature file size manageable.
And if I can make a minor soapbox statement to the group, this is why we should all be running anti-malware apps. Regardless of platform, how safe our surfing habits are, our ability to spot spam a mile away, and any other actions we take to keep our systems clean, this kind of thing can still happen.
So whatever random file you found .. you can submit that to any of the major AV vendors and most products will gain protection within a few hours. They share research believe it or not. I was recently at a McAfee customer presentation (my employer uses VirusScan Enterprise and some other McAfee stuff) where the head of their AVERT labs - the research division - gave a talk. On the subject of sharing, each company used to keep their research to themselves but eventually realized that they needed to share for the greater good of the computing community.
BTW one of the cool things McAfee is doing is using cloud computing to aid in the malware fight. For instance, if the feature is enabled and their AV/AS on a customer's desktop detects something that it thinks is bad but it has no active detection for it (signature, heuristic match, etc.), it can send the suspect file into the cloud and McAfee's Artemis AI engine will examine it and render a verdict & basic detection code in less than 10ms. The result is pushed back not only to that client machine but to all clients, resulting in immediate protection, globally. These checks are usually MD5 hashes, which aren't perfect. But they work for the moment. Then, the researchers can write better detections and roll those out in future updates (replacing the MD5 with the new algorithm). Typically, since attacks frequently use common code, thousands of MD5s will be replaced by a single algorithm which helps keep signature file size manageable.
And if I can make a minor soapbox statement to the group, this is why we should all be running anti-malware apps. Regardless of platform, how safe our surfing habits are, our ability to spot spam a mile away, and any other actions we take to keep our systems clean, this kind of thing can still happen.
