Michal Krejdl

27 May 2011

Friendship and an immortal virus

Yes, an immortal virus seems to exist ... at least in comparison to the usual life cycle of malware. While there are lots of malware families with a very short half-life, there are only a few with a long life. Parite (aka Pinfi) - a real long-playing evergreen - is one of them. Parite will reach the 10-year milestone this October. Gosh! Ten years! Can you remember what your computer looked like ten years ago? Ten years is an eternity in the world of IT. Just try to list what has changed and evolved during this period. There’s the obvious evolution of Windows and antivirus software for starters. But, despite all these changes, Parite is still with us.

This is surprising. Here are five reasons why Parite should have vanished:

  1. Parite has no major distribution/update network
  2. Parite is trivial
  3. Parite is well known and well detected
  4. The vast majority of AV engines (including ours) are able to fully cure the infection (either during a regular scan or with a dedicated stand-alone removal tool)
  5. People tend to reinstall their OS from time to time and so end up with a computer free of malware

But, there are still tens of Parite submissions in our reporting system every day - and they are definitely not false positives. I believe that Parite is spread only by file exchanges between friends (if we don't count spreading through net-shares in local networks). And this is where the individual user must make his or her decision: “Should I trust my friend that the file is clean (and subsequently report it as a false positive) or should I trust my antivirus app?” Parite will be immortal as long as the first group of users do not change their minds. And I'll have to wish Parite a “happy birthday” instead of “R.I.P” in October.
