Microsoft has documented a curious infection cycle between the Vobfus worm and the Beebone Trojan , where Vobfus...
variants will download Beebone variants, which in turn download Vobfus variants, and so on. Can you explain how this technique works? Are there new implications for enterprises?
Ask the expert
Do you have an enterprise threat question for Nick Lewis? Submit it now via email! (All questions are anonymous.)
Advanced attacks -- and potentially the more successfully attackers -- are adopting traditional software development practices as their operations mature, allowing malware authors to incorporate new attacks and functionality without a complete rewrite of the malware. This not only reduces the time needed to produce new malware but also allows an attacker to more easily customize the attack based on the targeted organization.
The symbiotic relationship between the Vobfus worm and Beebone Trojan certainly gives the malware attack some advantages. Since both malware families are not uniformly detected, only one piece of malware will initially infect a target system. After it downloads, a new variant of the malware from the running malware will install, which could even further minimize its detection.
Fortunately there are no new implications for enterprises when it comes to a worm downloading new malware functionality. The malware-detection tools many enterprises already have in place can be used to detect Vobfus and Beebone. Desktop antimalware tools can typically detect both strains of malware, and the download process can be detected by most network-based malware tools.
Malware families and developers collaborating is far less common than a single developer working on one family of malware. If modern malware did not have a modular design and a multi-stage attack, detection of the malware would be easier and the malware would have less of a chance of being successful.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
SSL attacks "in stealth mode" are helping attackers avoid detection and analysis. Expert Nick Lewis explains how to discover and defend against the ...continue reading
Learn how sinkholing is helping security experts analyze infected devices and even disable malware in compromised endpoints.continue reading
Motion and gestures are being used for mobile malware detection on smartphones. Learn how this method works and whether it is a worthy addition to an...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.