Virus Developers Unveil Gattman: A New Threat to Security Analysis Tools
A group of virus developers has recently “invented” a virus named Gattman, which targets an analysis tool widely used by anti-virus researchers.
Assessments suggest, however, that only independent anti-virus researchers are likely to be infected, since their interest in malware often stems from curiosity rather than from the threat such programs pose.
Gattman spreads primarily through Interactive Disassembler Pro (IDA), a popular reverse-engineering tool developed by Data Rescue. The tool is used extensively in anti-virus research laboratories, where it lets researchers reverse-engineer program files back into source-code form.
The virus infects files written in IDA’s scripting language. Because such scripts are routinely shared among researchers, Gattman has a ready path from one researcher’s machine to the next, which may explain why its author chose this language in the first place.
At present Gattman is programmed only to spread; it causes no damage and downloads no additional malware.
Carole Theriault, a senior security consultant at Sophos, believes that the creator of the Gattman virus might simply want to “challenge” careless security researchers.
Gattman is a polymorphic virus, meaning it changes its shape each time it is disseminated; this is a programming technique that has fallen out of favor in recent times.
Although Gattman causes no damage, its emergence rings a new alarm bell for the security community: it warns of a “surge” in profit-driven trends within the malware-writing community. To bypass security tools and reach users, malware developers do not hesitate to target the anti-virus tools themselves. Perhaps the best defense is for users to exercise extreme caution.
Hoàng Dũng