Microsoft has documented a curious infection cycle between the Vobfus worm and the Beebone Trojan , where Vobfus variants will download Beebone variants, which in turn download Vobfus variants, and so on. Can you explain how this technique works? Are there new implications for enterprises?
Ask the expert
Do you have an enterprise threat question for Nick Lewis? Submit it now via email! (All questions are anonymous.)
Advanced attacks -- and potentially the more successfully attackers -- are adopting traditional software development practices as their operations mature, allowing malware authors to incorporate new attacks and functionality without a complete rewrite of the malware. This not only reduces the time needed to produce new malware but also allows an attacker to more easily customize the attack based on the targeted organization.
The symbiotic relationship between the Vobfus worm and Beebone Trojan certainly gives the malware attack some advantages. Since both malware families are not uniformly detected, only one piece of malware will initially infect a target system. After it downloads, a new variant of the malware from the running malware will install, which could even further minimize its detection.
Fortunately there are no new implications for enterprises when it comes to a worm downloading new malware functionality. The malware-detection tools many enterprises already have in place can be used to detect Vobfus and Beebone. Desktop antimalware tools can typically detect both strains of malware, and the download process can be detected by most network-based malware tools.
Malware families and developers collaborating is far less common than a single developer working on one family of malware. If modern malware did not have a modular design and a multi-stage attack, detection of the malware would be easier and the malware would have less of a chance of being successful.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading
Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which ... Continue Reading
Cloud security certifications serve to bolster security professionals' resumes and boost value to employers. Learn about the top certifications ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.