Microsoft has documented a curious infection cycle between the Vobfus worm and the Beebone Trojan , where Vobfus...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
variants will download Beebone variants, which in turn download Vobfus variants, and so on. Can you explain how this technique works? Are there new implications for enterprises?
Ask the expert
Do you have an enterprise threat question for Nick Lewis? Submit it now via email! (All questions are anonymous.)
Advanced attacks -- and potentially the more successfully attackers -- are adopting traditional software development practices as their operations mature, allowing malware authors to incorporate new attacks and functionality without a complete rewrite of the malware. This not only reduces the time needed to produce new malware but also allows an attacker to more easily customize the attack based on the targeted organization.
The symbiotic relationship between the Vobfus worm and Beebone Trojan certainly gives the malware attack some advantages. Since both malware families are not uniformly detected, only one piece of malware will initially infect a target system. After it downloads, a new variant of the malware from the running malware will install, which could even further minimize its detection.
Fortunately there are no new implications for enterprises when it comes to a worm downloading new malware functionality. The malware-detection tools many enterprises already have in place can be used to detect Vobfus and Beebone. Desktop antimalware tools can typically detect both strains of malware, and the download process can be detected by most network-based malware tools.
Malware families and developers collaborating is far less common than a single developer working on one family of malware. If modern malware did not have a modular design and a multi-stage attack, detection of the malware would be easier and the malware would have less of a chance of being successful.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.