Zoom. Enhance.

This post won’t make you smarter. Move on. You have been warned 😉

 

This article on Wired talks about Mikko Hypponen’s war on malware. I haven’t read it 🙂

What caught my attention was a screenshot of Hiew showing some err… malware.

It triggered my interest so I investigated it by looking at it closer:

Zoom. Enhance. Hiew 7.10 has been used. Current version is 8.22. This is an old screenshot.

Zoom. Enhance. With the right equipment it can be enhanced

Hiew: AgtX0408.exe

Googling around for AgtX0408.exe brings us the following link:

http://activex.microsoft.com/activex/controls/agent2/AgtX0408.exe

Downloaded the file

The visual comparison brings us the following result:

 

Bingo.

Conclusion: image recycling at work & this is not malware.

7 thoughts on “Zoom. Enhance.”

  1. Hi there.

    I looked for the image…it’s hex.gif that I created in December 2005. I guess I needed a hex image for something at the time. For the life of me, I can’t remember if the file I was looking at was clean or not. It could have been an infected version of the file. I don’t see why I would have had the file on me otherwise.

    Anyway, thanks for the sleuthing!

    Mikko

    • @Mikko: Thx, one day your biographer will find this post being an invaluable source of information haha 😉 btw. I am pretty sure I saw this screenshot before on F-secure web site 🙂

  2. And it hasn’t occurred to you that this screenshot was just to get a pretty picture? Where does it say you are looking at malware anyway?

    • @Marcel: the ‘malware’ is all over the Wired article (that I have not read), so while you are right, I am not wrong either 😉 I actually thought of this post as a 1st of April quality cuz it’s completely pointless, but due to my holidays I posted it a bit earlier

  3. Anti-Virus companies do not like to use actual malicious code for any edu or demo purposes, because they fear bad PR. (There are a lot of paranoid people who claim AV companies secretly make malware to sustain their own business.)
