Virus infects worm by mistake: Frankenmalware


Malware authors keep coming up with new infection methods. Beyond traditional malware (viruses, worms, and so on), attackers have created new kinds of malware by combining the capabilities of existing ones: Trojans with worm capabilities, viruses with Trojan features, and so on. This time, though, it is something different.

Bitdefender malware researchers have spotted a new kind of infection in which one enemy attacks another: a virus accidentally infects a worm.

How does it happen?
When a virus infects a system already compromised by a worm, it infects the exe files on that system, including the worm (the worm is also an exe file). So whenever the worm spreads, it carries the virus along, and both pieces of malware infect the target system. This inflicts a lot more damage.

Researchers named these infected pieces of malware "Frankenmalware". They identified over 40,000 such malware symbioses in a sample pool of 10 million files.

The virus can infect more than one worm on a compromised system. However, the virus infects exe files only in certain locations, so other worms may not be infected.

If the virus infects a notorious worm like Downadup (70,000 infected systems in the last six months alone), it will inflict serious damage on the system, and disinfection will be more complicated. On the one hand, Downadup prevents the system from updating the OS and the locally installed AV solution; on the other hand, the virus may have rootkit capabilities and open a backdoor.

Worm bypasses antivirus detection:
"Imagine that a worm is infected by a file infector (virus). And an AV detects the file infector first and tries to disinfect the files, which include the worm. In some rare cases disinfecting compromised files leaves behind clean files that are at the same time altered (not identical to the original anymore). They maintain their functionality but are slightly different in form. As most files are detected according to signatures and not based on their behavior (heuristically), an altered worm (disinfected along with other files that have been compromised by a file infector and disinfected by an antivirus) may not be caught anymore by the signature applied to the original file (that had been modified after disinfection). Disinfection might this way lead to a mutation that can actually help the worm," researchers said.

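The detection gap described in the quote, shown from the defender's side as an added example (not code from Bitdefender or from this post). It assumes the simplest kind of signature, a whole-file hash, and compares it with a block-similarity check, a technique chosen here for illustration; every byte string and name below is constructed.

```python
import hashlib

BLOCK = 16  # signature block size in bytes (assumed for this illustration)

def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def exact_match(candidate: bytes, known_hashes: set) -> bool:
    """Whole-file hash signature: any changed byte breaks the match."""
    return sha(candidate) in known_hashes

def block_signature(sample: bytes, skip: int = 0) -> set:
    """Hashes of the non-overlapping blocks of a known sample, past its header."""
    body = sample[skip:]
    return {sha(body[i:i + BLOCK]) for i in range(0, len(body) - BLOCK + 1, BLOCK)}

def similarity(candidate: bytes, signature: set) -> float:
    """Fraction of signature blocks present at any offset in the candidate."""
    if not signature:
        return 0.0
    windows = {sha(candidate[i:i + BLOCK]) for i in range(len(candidate) - BLOCK + 1)}
    return len(signature & windows) / len(signature)

def toy_body(seed: int) -> bytes:
    """256 constructed bytes standing in for a program body (not real code)."""
    return b"".join(hashlib.sha256(bytes([seed + i])).digest() for i in range(8))

# Constructed stand-in files; none of these bytes come from real malware.
HEADER = b"MZ" + bytes(30)
ORIGINAL = HEADER + toy_body(0)
# After disinfection: one header field differs and zero padding is left behind.
DISINFECTED = HEADER[:8] + b"\x40\x01\x00\x00" + HEADER[12:] + toy_body(0) + bytes(64)
BENIGN = HEADER + toy_body(100)

KNOWN_HASHES = {sha(ORIGINAL)}
SIGNATURE = block_signature(ORIGINAL, skip=len(HEADER))

if __name__ == "__main__":
    for name, data in [("original", ORIGINAL), ("disinfected", DISINFECTED), ("benign", BENIGN)]:
        print(f"{name:12} exact={exact_match(data, KNOWN_HASHES)!s:5} "
              f"similarity={similarity(data, SIGNATURE):.2f}")
```

The disinfected file no longer matches the hash of the original, yet every block of the known body is still present in it, so a similarity check still flags it while the unrelated file scores zero.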