Over two years ago, a couple of anti-virus firms noted that a couple of viruses were written with the idea of being able to be updated over time. The problem with all of this is of course the need for a more or less fixed point from which the virus clients contact an update server (likely another suborned machine) and vice-versa... the reason why we haven't seen this executed on a wide scale is the fair amount of ease with which IPs are traced.
An analogy one might use is this: It's one thing to leave a bomb ticking away in a box on a street corner and then walk away. It's quite another to walk up to it later, disarm it, and put a new one in its place over and over again without attracting attention to yourself at some point.
Hey, Donny! We got us a German who wants to die for his country... Oblige him. - Lt. Aldo Raine
I would have expected if you (as a hacker/virus writer) want to update a virus, why not simply release a new update-virus that is easily picked up by an infected computer? If you make the update-virus harmless for other PCs, it most likely will get a fairly low danger-rating for most antivirus tools (giving it time to spread).
It would eliminate the need for a "central" server, making it much harder to trace.
Alternatively, I wonder if it were possible to get an update file in the Google cache. The viruses would then simply look in the Google cache for an update, again making it harder to trace the source.
Jörg
pixar Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)