Last September I wrote about how malware will become more destructive in the near future (http://michaeltheroux.com/2011/09/30/cyberwar-reality-its-all-about-the-payload/) and it appears this prediction is already being realized.
Yes, malware that possesses a destructive component is back – and it will only increase in severity in the new year. Why haven’t we heard more about this from the media and antivirus companies? There could be several reasons for this, but one of the main ones is that the infected machines are usually rebuilt before further analysis can be completed. I’ve had several customers in the last few months (ones who are somehow repeatedly infected) call me with serious issues such as not being able to open any applications on their machines, missing directories and files, and not being able to connect to any networks. After a brief diagnosis, I found that in each case the user had tried to get rid of the malware themselves – this in turn triggered the malicious behavior. In other words, the malware becomes destructive when it detects that something is trying to get rid of it.
While this has been a tactic of ransomware (usually fake antivirus programs) for years, it is on the rise in many other forms of malware. As usual, it appears to be restricted to Windows users at this time. Users beware – destructive malware is back in fashion.