The Nemim.gen Trojan
This clever piece of malware evades forensic examination by deleting its own components.
Posted on April 18, 2013 at 11:36 AM
Yeah, I have to admit, this is nothing new. Other articles get more into the technical details where there may be something new, but this concept is one of the first ones a malware developer who was serious about stealth would come to understand.
Probably a lot of the systems using this manner of functionality simply are not caught.
"Hmm, you were one of the "Guns for Hire" I used to talk about at that time, when much of the security industry and academic researchers were trying to portray such malware activities as being "uber script kiddies" doing such things for "ego food" rather than for monetary gain.
I could be petulant and go "Nah Nah told you so!" to those industry "pundits / gurus" but to be quite honest I'd rather just smile politely and carry on making my predictions (and hopefully living long enough ;-) to see if I call them right or not."
The price of consistently coming up with bright ideas is you have to remain at least somewhat anonymous when doing so, and just shrug off the patent trolls of the world... or others who have a far more exhaustible supply of good ideas and bicker on "owning" them.
The pleasure is one sees the future, and can be a profound, though unseen influence.
Didn't some DOS TSR viruses move themselves around memory when they detected an antivirus running?