Microsoft has documented a curious infection cycle between the Vobfus worm and the Beebone Trojan , where Vobfus...
variants will download Beebone variants, which in turn download Vobfus variants, and so on. Can you explain how this technique works? Are there new implications for enterprises?
Ask the expert
Do you have an enterprise threat question for Nick Lewis? Submit it now via email! (All questions are anonymous.)
Advanced attacks -- and potentially the more successfully attackers -- are adopting traditional software development practices as their operations mature, allowing malware authors to incorporate new attacks and functionality without a complete rewrite of the malware. This not only reduces the time needed to produce new malware but also allows an attacker to more easily customize the attack based on the targeted organization.
The symbiotic relationship between the Vobfus worm and Beebone Trojan certainly gives the malware attack some advantages. Since both malware families are not uniformly detected, only one piece of malware will initially infect a target system. After it downloads, a new variant of the malware from the running malware will install, which could even further minimize its detection.
Fortunately there are no new implications for enterprises when it comes to a worm downloading new malware functionality. The malware-detection tools many enterprises already have in place can be used to detect Vobfus and Beebone. Desktop antimalware tools can typically detect both strains of malware, and the download process can be detected by most network-based malware tools.
Malware families and developers collaborating is far less common than a single developer working on one family of malware. If modern malware did not have a modular design and a multi-stage attack, detection of the malware would be easier and the malware would have less of a chance of being successful.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ... Continue Reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common... Continue Reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.