Forkbomb Protection: A Critical Addition to Bitdefender's Security Features

I suggest that Bitdefender consider adding protection against forkbombs as they can cause severe performance issues and even crash a system. With the increasing use of multi-core processors, forkbombs can be especially devastating as they can quickly consume all available resources. Additionally, forkbombs can be used as a form of cyber-attack and can be used to launch distributed denial of service (DDoS) attacks. By offering protection against forkbombs, Bitdefender can help ensure the stability and security of its customers' systems.

An example of a highly dangerous batch file that can cause severe performance issues and crash a Windows system is as follows:

:s
start %0
goto s

Find more posts tagged with

Completed

Status: Completed

Comments

Eivind

How long does it typically take to receive a response regarding a suggestion like this?

Flexx

https://community.bitdefender.com/en/discussion/comment/320091#Comment_320091

@Alexandru_BD or @Mike_BD can share your feedback with malware research team.

Regards

Eivind

@Alexandru_BD, @Mike_BD any updates regarding this case?

Scott

I had never even heard of that one before. @Eivind Usually it's just members who vote on or comment on an idea. Then, after there's been a little back and forth discussion, an Admin may weigh in and post some feedback.

Alexandru_BD

Hi,

Whenever an idea is posted in this section, all members can vote and a selection of feature requests is sent to our development teams on a regular basis. Kindly note that we cannot guarantee that all suggestions will be implemented, nor that an immediate response will be provided here. Some of the ideas collected may be declined from start, while others may be considered at a later time and reviewed during other developments. There are also ideas that can receive positive feedback from start and whenever this happens, they are usually added on the product roadmap.

We haven't received feedback for this particular idea just yet, but as soon as we do, we'll post the news here and update the idea status.

Regards

Alexandru_BD

@Eivind I just got word from the antimalware researchers. It's work in progress, currently in beta testing and they estimate the protection will go live by the end of next week.

So there you have it 😉

Thank you very much for your contribution! 🤝

Flexx

https://community.bitdefender.com/en/discussion/comment/320742#Comment_320742

I collected various samples from the internet related to forkbomb and found that bitdefender does detect some of them and the undetected ones were sent to malware research team for analysis.

Regards

Scott

Help me with my ignorance, but in my quick research on fork bomb, I see articles written about it around 2015 and 2017. Why wouldn't Bitdefender already be blocking it, aware of it? Even on Wikipedia, an early variant of it (1978) was called a rabbit virus. So this is nothing new, right? So is it really a feature update we need, or a virus signature that we should already have, or that advanced threat should pick up on?

Thank you for any help you can give me in what I'm missing and not understanding :) :)

Alexandru_BD

There's a story here. Indeed, forkbomb it's something known and Bitdefender had some generic detections on it, but not really on every variant, even if some seem quite trivial to detect, I don't know if it made sense to add a detection on the specific variant X, because if the smallest change would occur in the future, it would not detect it anymore. The developers worked on something more generic on the AM-SDK side.

However, we must take into account that a forkbomb is actually a kind of a joke or something that can lead to a poor use of the system, I don't think that a classic forkbomb (which btw can be done by quite a few methods if we are to expand this ) can even be considered malicious.

If it were something that ensures its persistence or communicates "externally" to conduct other malicious actions, then we are still talking about something else that is expected to be detected by Bitdefender's several layers of protection.

Scott

Thank you, Alexandru. The part that made me smile in affirmation is this:

"If it were something that ensures its persistence or communicates "externally" to conduct other malicious actions, then we are still talking about something else that is expected to be detected by Bitdefender's several layers of protection."

Flexx

https://community.bitdefender.com/en/discussion/comment/320815#Comment_320815

Even if signature based detection is not available for each and every variant of forbomb and since forkbomb in itself is not a malware but just a file that can crash a window or hamper the performance of windows then at least behavior blocker which in case of bitdefender is advanced threat defense should come into play and stop the specific forkbomb file from executing.

This may seem weird explanation, but I am somewhat able to understand this only, lol and developing advanced threat defense in such a way may cause other problems too since if any user that might be using any performance booster application, in that case it may be possible that advanced threat defense may act and block that too.

Regards

Scott

https://community.bitdefender.com/en/discussion/comment/320835#Comment_320835

Thank you for your reply and giving me a little more peace of mind, Flexx, I appreciate it :)

Alexandru_BD

Here's an example of Bitdefender detection that entered today: Application.BAT.ForkBomb.2.Gen

Flexx

https://community.bitdefender.com/en/discussion/comment/320890#Comment_320890

One more virustotal link related to forkbomb

https://www.virustotal.com/gui/file/11ea65b2709bb714f059cf53767f7ee5ae6defe5b5d548e32375e65571b66015?nocache=1

Regards

Eivind

https://community.bitdefender.com/en/discussion/comment/320890#Comment_320890

I'm very pleased to hear that this matter has been looked into. It's essential to address potential issues like this promptly to ensure the safety and stability of our systems. Thank you for taking the necessary steps to mitigate the risks involved, and for prioritizing the protection of our data.