Malware Programs Feed Off Each Other

Wednesday, July 3, 2013 @ 11:07 AM gHale

Two malicious software programs learn to feed off of each other and help each other stay on computers and become very difficult to remove.

The programs work together by alternately downloading slighter different variations of the other in an attempt to evade antivirus software, said Hyun Choi of Microsoft’s Malware Protection Center.

Win 8 CAPTCHA Malware
Trojan Speaks Local Languages
Trojan Takes Over Google Docs
Trojan Uses Fake Adobe Certificate

One of the malware programs, called Vobfus, first came to light in September 2009. It is a program that downloads other pieces of code.

Once Vobfus infects a computer, it downloads from a remote command-and-control server a program called Beebone, which is another kind of downloader that installs other malicious programs on a computer. The two work together, downloading variants of the other not immediately detected by antivirus products, Choi said.

“This cyclical relationship between Beebone and Vobfus downloading each other is the reason why Vobfus may seem so resilient to antivirus products,” Choi said. “Updated antivirus products may detect one variant present on the system; however, newer downloaded variants may not be detected immediately.”

Other malware programs can update themselves once a computer becomes infected. But if the malware ends up detected and removed, the targeted computer would have to suffer infection again. The approach of Vobfus and Beebone makes it more likely the computer will remain infected.

Vobfus is also a worm that copies itself to removable drives. It uses the autorun function that, if enabled on a computer, causes Vobfus to automatically run and infect Windows computers.

Leave a Reply

You must be logged in to post a comment.