Malware Becoming Impossible to Fight

Posted on April 6, 2006

An eWeek article cites Microsoft security officials as saying some malware is becoming almost impossible to remove.
Offensive rootkits, which are used hide malware programs and maintain an undetectable presence on an infected machine, have become the weapon of choice for virus and spyware writers and, because they often use kernel hooks to avoid detection, Danseglio said IT administrators may never know if all traces of a rootkit have been successfully removed.

He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. "In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast," Danseglio added.

Danseglio, who delivered two separate presentations at the conference-one on threats and countermeasures to defend against malware infestations in Windows, and the other on the frightening world on Windows rootkits-said anti-virus software is getting better at detecting and removing the latest threats, but for some sophisticated forms of malware, he conceded that the cleanup process is "just way too hard."

"We've seen the self-healing malware that actually detects that you're trying to get rid of it. You remove it, and the next time you look in that directory, it's sitting there. It can simply reinstall itself," he said.
The article said a Microsoft official suggested company's come up with an automated method for wiping hard drives and reinstalling the operating system. It sounds like a defeatist attitude but for some heavily infected machines there may not be a better option.