Wednesday, November 04, 2009

worst malware analysis ever

Symantec has decided that Lose/Lose is a trojan. It is, in fact, a video game that deletes files. The game's web site warns that the game deletes files. The game itself warns the player that it deletes files. There is nothing whatsoever malicious about a program deleting files after warning the user that it will delete files.

Why does Symantec (oh, Trend too) think this is malware? Because "there’s nothing stopping someone with more malicious intentions from modifying it slightly and then passing it on to unsuspecting users, causing significant damage to a computer." By that logic, rm should be considered malware because it could be modified (say, by renaming it) to delete files contrary to a user's expectation. Frozen Bubble must be malware too, because it could easily be modified to delete files!

No comments: