Anti-Malware-Malware!?!
Naïve Samaritan or well-meaning school kiddy are no excuses for poor judgment when it comes to writing anti-malware tools that behave just like malware [1]. However, some people just fail to do their research.
Enter SpenserNK - an Anti-USB-malware program which happens to operate by infecting removable devices, and keeping a library of its contents for matching at some later stage to determine whether an infection has occurred.
After copying itself to any removable media and creating an autorun.inf file to launch itself, SpenserNK quietly sits in the taskbar awaiting new USB devices to be inserted so that it can query the library for modifications (and to copy itself to it!)
But seriously! So called “good worms” or “good viruses” (e.g. Cruncher, the compression virus) are inherently a bad idea as discussed by Paul Ducklin [2,3] (the discussion in the podcast is at 20minutes in).
Needless to say, this anti-malware-malware is detected as W32/Spenser-A (and I’m hoping never to see a -B!)
Posted on June 22nd, 2009 by Pete, SophosLabs AUFiled under: General, Malware
Windows 7 security - A great leap forward or business as usual?
