Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Non-Tech : The Critical Investing Workshop -- Ignore unavailable to you. Want to Upgrade?

To: Dealer who wrote (31899)	9/6/2000 7:57:45 AM
From: Dealer	Read Replies (3) \| Respond to of 35685

RNWK--New virus hides behind old technology By Robert Lemos, ZDNet News A computer virus from the Czech Republic exploits four-year-old Windows NT technology to infect Windows 2000 computers. A new virus from the Czech Republic has anti-virus software makers rushing to analyze the ability of so-called "files streams" to infect PCs. File streams -- not to be confused with audio and video streaming à la RealNetworks Inc. (Nasdaq:RNWK - news) -- break programs up into a main code segment, or stream, and several alternate ones. Used for sharing data between programs, Microsoft Corp.'s (Nasdaq:MSFT - news) Windows NT technology first debuted in the Windows NT file system, or NTFS, but is also present in Windows 2000. • New DDoS attack targets chat, Linux machines • Super PC performance boosters • Web Surfer Power Tools • Download MP3 music Eugene Kaspersky, the head of the Russian anti-virus research company Kaspersky Lab Ltd. and the first to spotlight the Stream virus, theorized that hiding malicious code in a file stream would make it harder to detect. "Certainly, this virus begins a new era in computer virus creation," Kaspersky said in a statement from Moscow. "The 'Stream Companion' technology the virus uses to plant itself into files makes its detection and disinfection extremely difficult to complete." Most anti-virus scanners only scan the main stream of each program and could miss data hiding in an alternate data stream, Kaspersky said. New or not? But others derided Kaspersky's announcement as thinly veiled hype. "They have not proven anything here except that they can write data to an alternate data stream," said Russ Cooper, editor of Windows NT security watcher NTBugtraq.com, who moderated a discussion of the possible dangers posed by alternate data streams in 1997. That discussion concluded there was very little danger posed by the exploitation of the file streams system. "This is highly theoretical and not all that new," said Cooper, who pointed out that to infect a computer, the virus would have to infect the main stream of the program. That would make it visible to current anti-virus programs. The virus, created by two writers using the names Benny/29A and Ratter, does little else except infect files and it doesn't do that very well either, said Patrick Martin, product manager for Symantec Corp.'s (Nasdaq:SYMC - news) anti-virus research labs. Users should not worry about the virus attacking their computers. "This is a proof of concept," he said. "This virus is not going anywhere. It is not in the wild."