Viruses and worms are evolving into Frankenmalware

25 January 2012

Viruses infect executables. Worms are executables. So viruses can infect worms, and they are doing so. The result, claims anti-virus company BitDefender, is a new category of threat: Frankenmalware.

Security researcher Loredana Botezatu claims that BitDefender has found “no less than 40,000 such malware symbioses out of a sample pool of 10 million files.” She believes that most of these have evolved naturally, but is concerned that they pose a new and worrying threat. “Although this happens unintentionally, the combined features from both pieces of malware will inflict a lot more damage than the creators of either piece of malware intended.”

The research describes a specific example it has found: the Rimecud worm infected with the Virtob file infector. It describes a potentially worrying scenario. “That PC faces a twofold malware with twice as many command and control servers to query for instructions; moreover, there are two backdoors open, two attack techniques active and various spreading methods put in place. Where one fails, the other succeeds.”

Furthermore, she adds that if you get one of these hybrids on your system, “you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus.” She continues: “The advent of malware sandwiches throws a new twist into the world of malware. They spread more efficiently, and will become increasingly difficult to predict.”

Should we be afraid? Well, we need to look at this objectively. One effect highlighted by the report is that the new Frankenmalware changes the detection signature of both the original virus and the original worm, making it impossible to detect. But malware does this all the time, either by the application of a malware kit or sometimes via code within the malware itself. Anti-virus products are designed to detect such ‘new’ malware by its actions rather than its signature.

So the bottom line is this. BitDefender’s research is accurate. What it dubs Frankenmalware is inevitable. Theoretically, everything it describes is a possible outcome. But while the evolution might be factual, the potential threat is hypothetical. Malware plus malware is still malware; neither more nor less. And the anti-malware industry, including BitDefender, is very good at controlling it.
