mm said:
A curiosity question, but probably with practical uses eventually:
My friend with the virus seems to have gotten 6 more viruses in two
weeks that she and I and another friend have been trying to get rid of
the first one.
The one with the 'five specific threats' would be more correct than the
one with 'viruses'.
However, some of those threats can indeed be considered 'viruses'.
Is that likely because
1) The first virus calls up his friends and says "Come on over. I've
got plenty of beer",
As I recall, Hybris got 'plug-ins' from encrypted plug-ins posted to
alt.comp.virus. One such plug-in allowed Hybris to spread in a viral
manner as well as its own native e-mail worm vector. If Hybris executed
on the victim's machine, it introduces the *unknown* factor into the
equation and makes "flatten and rebuild" look like a better option.
Magistr just does what it does (no added *unknown* functions) - there is
a nasty payload as well as a rather tame payload, and the detection of
legal documents on the current host might trigger the more nasty
payload. Your AV should be able to handle Magistr removal.
or
2) The webpage scan scam that she fell for in the first place
installed more than just that first virus,
Possible, but the scareware does not qualify as a virus. It gets
distributed in the manner that you describe, but does not distribute
*itself* (known as 'spreading') like viruses and/or worms do.
or
3) The first virus disabled her real-time virus checker.
The scareware (not a virus) probably did this.
2 or 3 of her viruses are supposed to arrive by email,
Yes, Hybris and Magistr are both primarily e-mail vector worms (pseudo
worms I like to call 'clickworms' - if not for the need for the user to
click, they would be true worms).
but she still didn't click on any attachments, so how
would that have given her extra viruses?
Maybe they weren't ever executed, and an e-mail scanner is picking up on
them. You never did mention *where*, *what* was found.
Join the club.
D
Many of the official vendors' sites add to the confusion. If you are
going to discuss malware, it is important to agree on terminology. Many
places online seem to have their own unique definitions for worms,
viruses, and non-self-replicating malware.
So do I.
It helps to think of worms and viruses as self-distributing mobile code.
They have the ability to replicate more than just themselves, so can
carry a 'payload' which makes them a favorite for malware distribution.
If someone chooses a beneficial payload, they would still be considered
inherently bad because there are safer ways to distribute beneficial
payloads without the risk of uncontrolled outbreaks or unanticipated
behavior.