Reverse-engineered viruses and 999 malware roses

19.09.2006

Not only is computer malware getting bigger, badder and more frequent, but it's also getting weirder.

Don't believe us? How about the Gattman Computer Virus, discovered in July by researchers at the Sydney branch of SophosLabs.

Unlike the majority of malicious software, which are Windows programs targeting the Windows operating system, this virus deliberately targets an analysis tool which is widely used by security researchers, said Sophos in a statement.

The Gattman virus spreads through the program Interactive Disassembler Pro (IDA), produced by DataRescue. IDA is one of the most popular "reversing" tools, and is used for converting the raw machine code inside program files back into human-readable source code form so that its behavior can be analyzed and understood.

Since Sophos is wise enough to figure that not everyone knows what the heck this means, they give the following example:

"Reversing is part science and part art, allowing security experts to go from something arcane like this:

9823a2ec dfe98986 4359e108 e1866fb0 126f2f3d 329a6591 9a01067b

to something readable and easier for technicians to understand, like this:

if day = friday then
    if date = 13 then
        repeat 100 times
            print "freddy krueger!"
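The Sophos example above compresses what a disassembler does into one jump from hex to pseudocode. As an added illustration (not part of the article, and not IDA's code or output), here is a small table-driven disassembler for a constructed toy instruction set. The opcodes, mnemonics and sample bytes are all invented for this example; what they show is the real mechanics: each opcode tells the decoder how many operand bytes follow, relative jump displacements are resolved to labels the way IDA prints `loc_XXXX`, and an unknown or truncated byte is emitted as data rather than dropped, because skipping it would put every later instruction at the wrong offset.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed toy instruction set: opcode -> (mnemonic, operand byte count).
# This is NOT x86 and NOT what IDA Pro emits; it exists only to show decoding.
OPCODES: Dict[int, Tuple[str, int]] = {
    0x01: ("CMP_DAY", 1),   # compare day-of-week register with an immediate
    0x02: ("CMP_DATE", 1),  # compare day-of-month register with an immediate
    0x03: ("JNE", 1),       # skip forward N bytes (from the next insn) if not equal
    0x04: ("LOOP", 1),      # repeat the next instruction N times
    0x05: ("PRINT", 2),     # print the string at a 16-bit little-endian address
    0xFF: ("RET", 0),
}


@dataclass
class Insn:
    offset: int   # byte offset of the instruction in the code blob
    raw: bytes    # the bytes it was decoded from
    text: str     # the human-readable form


def decode_one(code: bytes, pc: int) -> Insn:
    """Decode the single instruction starting at offset pc."""
    op = code[pc]
    if op not in OPCODES:
        # Emit the byte as data; dropping it would desynchronise all later decodes.
        return Insn(pc, code[pc:pc + 1], f"db 0x{op:02x}  ; unknown opcode")
    mnem, nops = OPCODES[op]
    if pc + 1 + nops > len(code):
        # Operands run past the end of the blob: report, do not guess.
        return Insn(pc, code[pc:], f"db {code[pc:].hex()}  ; truncated {mnem}")
    operands = code[pc + 1:pc + 1 + nops]
    if nops == 0:
        text = mnem
    elif mnem == "JNE":
        # Resolve the relative displacement to an absolute label, IDA-style.
        text = f"{mnem} loc_{pc + 2 + operands[0]:04x}"
    elif nops == 1:
        text = f"{mnem} {operands[0]}"
    else:
        text = f"{mnem} 0x{int.from_bytes(operands, 'little'):04x}"
    return Insn(pc, code[pc:pc + 1 + nops], text)


def disassemble(code: bytes) -> List[Insn]:
    """Linear-sweep disassembly: decode instructions back to back until the end."""
    insns, pc = [], 0
    while pc < len(code):
        insn = decode_one(code, pc)
        insns.append(insn)
        pc += len(insn.raw)
    return insns


def listing(code: bytes) -> str:
    """Render an IDA-like listing: offset, raw bytes, mnemonic and operands."""
    return "\n".join(f"{i.offset:04x}: {i.raw.hex():<8} {i.text}"
                     for i in disassemble(code))


# Constructed sample bytes loosely following Sophos' "friday the 13th" pseudocode.
SAMPLE = bytes([
    0x01, 0x05,        # CMP_DAY 5      (friday)
    0x03, 0x09,        # JNE loc_000d   (not friday: skip the payload)
    0x02, 0x0D,        # CMP_DATE 13
    0x03, 0x05,        # JNE loc_000d   (not the 13th: skip the payload)
    0x04, 0x64,        # LOOP 100
    0x05, 0x00, 0x10,  # PRINT 0x1000   (the "freddy krueger!" string would live there)
    0xFF,              # RET
])

if __name__ == "__main__":
    print(listing(SAMPLE))
```

Running the block prints the seven-line listing for `SAMPLE`; the structure of the original pseudocode (two guards, a loop, a print) is recognisable again, which is the point of the exercise. Real instruction sets such as x86 have far messier, variable-length encodings, and a linear sweep can be fooled by data mixed into the code stream, which is why IDA combines this kind of decoding with flow-following analysis.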

It gets weirder. Sophos said the Gattman virus is believed to have been written by members of the "Ready Rangers Liberation Front" (rRlf) and "The Knight Templars" (TKT) virus-writing gangs.

"Presumably, the authors of Gattman were hoping to embarrass incautious researchers by spreading a virus using the very tools of their trade," said Paul Ducklin, head of technology, Asia Pacific, SophosLabs. "Although just a proof-of-concept, and unlikely to spread except amongst researchers (or malware authors) who are both curious and careless, Gattman proves once again that malware authors are often willing to look for brand new avenues of infection."

Gattman is a polymorphic virus, which means it alters (or mutates) its appearance as it spreads, a technique not often used by malware today. Whee.

Well, we're not virus researchers now, are we? So, be on the lookout for... nefarious Microsoft PowerPoint files containing "humorous" Chinese-language philosophy about love between men and women!

Again in July, the fine folks at Sophos found a malicious Microsoft PowerPoint file that exploits an unpatched vulnerability and contains exploit code that drops the Troj/Edepol-C keylogging Trojan horse onto users' computers.

The Trojan horse also attempts to disable anti-virus products running on the infected computer.

The first slide in the presentation can be translated as follows:

What is romantic? You know the girl doesn't like him, but still sends her 999 roses; What is wasteful? You know the girl does like him, but still sends her 999 roses.

The next slide translates as:

There are two types of women: one is posh, and another is normal. The posh is for somebody else, the normal one is for family and husband.

During marriage a husband only sees his normal wife and during affair the husband will see the posh woman.

This is analysis of the reason why men have affairs. This is wonderful.

In total there are 18 slides in the presentation. And a whole bunch of nasty code intended to play havoc with your PC.

"The hackers exploiting this unpatched hole in PowerPoint appear to have timed the release of their malicious code to deliberately follow Microsoft's monthly security announcement," said Graham Cluley, senior technology consultant for Sophos. "The bad news for Microsoft and its customers is that there was no fix for this problem in that bundle of patches." Oops.

"The only people who are going to have a warm glow inside from the words of love in this presentation are likely to be the hackers behind the attack," observed Cluley.

IT laughs at itself

A British TV show has taken the best and worst of IT administrator stereotypes and packed them into a clever, side-splitting comedy.

The IT Crowd features Jen, who has been appointed as a supervisor in her company's IT department but knows nothing about computers. When asked during her job interview what she knows about IT, she says, "You know, e-mail. Sending e-mail. Receiving e-mail. Deleting e-mail. Um, I could go on."

But Jen's social skills are sorely needed to raise the profiles of Moss and Roy, two hopelessly geeky IT administrators banished to a dingy basement office strewn with hardware detritus. Roy arrogantly advises computer-challenged employees who call him with a problem to turn their computers off and on again, which usually allows him to go back to reading his comic books.

Coworker Moss is a stiff-spined nerd with thick glasses, whose deft technical knowledge but nonexistent social skills landed him a desk next to Roy's. When Jen makes the mistake in one episode of asking Moss a techie query, Moss's answer is humorously dubbed over with the sound of static as Jen blankly stares.

And then there's Richmond the Goth, whose Marilyn Manson-like attire sent his career path askew. He is now in charge of a mysterious bank of blinking lights that presumably power their building's network.

The show's creators have sprinkled surprising hints of cool for street-geek cred, such as the stickers on the IT office's door from the online rights advocacy group Electronic Frontier Foundation and the passive-aggressive slogans on Roy's technology-themed T-shirts. The IT Crowd pounds on nerd stereotypes (Roy stumbles and bleeds in several episodes, while Moss's odd rigidness renders him impotent in normal conversation), but their high comic moments melt any degrading perceptions of their jobs.

The show's successful six-episode run last fall has led Britain's Channel 4, a publicly owned nonprofit station, to commission another season.

-IDG staff contributed to this article.