Hi cnm, hi everyone,
Please, correct me if I'm wrong as lines below sometimes are only thoughts and opinions. I'm not going to write the history of malware but just a few words before some comments about HijackThis...
- in the very beginning were viruses which consisted in additional code to system files so that the size was changed and the virus was launched when we started the infected programs. An antivirus mainly checked the size of programs: we got messages warning the size had changed and asking whether or not we validated it. At the time, a program could be infected several times so that the size could increase on and on!
- a further stage consisted in the replacement of parts of program code by the code of the virus without any change in the size. An antivirus was trying to recognize characteristic strings in the programs: the "signatures".
- then "viruses" became more sophisticated with infection of other files than system programs (Word, Excel files and any macro-instructioned files), with automatic launch (autoexec macros, start folders, autorun registry keys, etc.)
...
To clean a system, we had antidotes which were specific tools, dedicated to specific viruses.
~~
The result of the brainstorming session at CEXX (see lines in the initial post) led to HijackThis!
As you know, HJT has been a wonderful program which was used to list and easily clean any infection!
HJT was being used at least for 4-5 years as the only program. It was so wonderful that it practically prevented any other tool from emerging!
The secret was that HJT was not dedicated to a specific malware but to a method: it listed the keys of the registry that were used for automatic launch of elements at Windows start... the result was that it listed any content without interpretation, bad or legit... a consequence of this "philosophy" was that humans had to analyze the logs and detect baddies (an antidote contains this analysis and decision)... hence the schools and our stuff!
HJT was a success and was the tool number One (without any competitor)!
In fact, HJT has not been as successful as expected because it nevertheless needed continuous improvements as pirates were finding out new methods to start baddies (Windows has oodles of possibilities to automate tasks... too many possibilities).~~
Back to antidotes for a while...
Merijn also developed a superantidote named CWShredder that was targeting the Cool Web Search family, a series of horrible malware Merijn was specialized in!
Merijn decided to sell CWShredder to Intermute on October 19, 2004
- http://www.wildersse...ead.php?t=71451
- http://www.lockergno...res-cwshredder/
- there was a very long article mentioned at http://www.merijn.org/articles.php , unfortunately http://www.cwshredde...chronicles.html is now dead
NB: Intermute was then acquired by Trend Micro in June 2005.
I remember a discussion on SWI between Merijn and pillar members reproaching the sale (I could prolly find the URL) in which Merijn was saying CWShredder was a tool of his and he could decide freely but, on the opposite, he considered HJT had been designed collectively and was not his tool and he would never sell it!!!
Rights on HijackThis were sold to Trend Micro on March 12, 2007
- http://www.merijn.org/oldnews.php
- http://news.cnet.com..._3-6167308.html
- http://us.trendmicro...0322131808.html
Again, I don't want to start a debate: please, correct me if you don't agree with my statements.
I just wanted to relate and comment on HijackThis history.~~ edited to improve presentation.
Edited by ipl_001, 01 August 2008 - 04:46 PM.