Microsoft has documented a curious infection cycle between the Vobfus worm and the Beebone Trojan , where Vobfus variants will download Beebone variants, which in turn download Vobfus variants, and so on. Can you explain how this technique works? Are there new implications for enterprises?
Ask the expert
Do you have an enterprise threat question for Nick Lewis? Submit it now via email! (All questions are anonymous.)
Advanced attacks -- and potentially the more successfully attackers -- are adopting traditional software development practices as their operations mature, allowing malware authors to incorporate new attacks and functionality without a complete rewrite of the malware. This not only reduces the time needed to produce new malware but also allows an attacker to more easily customize the attack based on the targeted organization.
The symbiotic relationship between the Vobfus worm and Beebone Trojan certainly gives the malware attack some advantages. Since both malware families are not uniformly detected, only one piece of malware will initially infect a target system. After it downloads, a new variant of the malware from the running malware will install, which could even further minimize its detection.
Fortunately there are no new implications for enterprises when it comes to a worm downloading new malware functionality. The malware-detection tools many enterprises already have in place can be used to detect Vobfus and Beebone. Desktop antimalware tools can typically detect both strains of malware, and the download process can be detected by most network-based malware tools.
Malware families and developers collaborating is far less common than a single developer working on one family of malware. If modern malware did not have a modular design and a multi-stage attack, detection of the malware would be easier and the malware would have less of a chance of being successful.
Dig deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis, Enterprise Threats
A new variant of Java-based malware can execute regardless of the operating system used. Nick Lewis explains how to limit the threat.continue reading
A variant of malware on Android devices removes and reinstalls itself when a device powers on or off. Learn how to completely eradicate the threat.continue reading
Expert Nick Lewis explains how to avoid a detrimental VPN bypass flaw that allows malicious apps to infiltrate Android devices.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.