Super Powered Malware Sandwiches Found In The Wild – Frankenmalware

Keep on Guard!


Now this is quite a fascinating story, especially if you know anything about Malware and have interests in that area.

It seems the latest development is the accidental development of new super-malware strains created by viruses infecting executable files of worms. Worms are generally executable files and well, viruses infect executables – so you can imagine what happens.

Now the franken-worm has both the characteristics of the original worm and it also carries the virus – so when it spreads, the virus also spreads.

Viruses are accidentally infecting worms on victims’ computers, creating super-powered strains of hybrid software nasties.

The monster malware spreads quicker than before, screws up systems worse than ever, and exposes private data in a way not even envisioned by the original virus writers.

A study by antivirus outfit BitDefender found 40,000 such “Frankenmalware samples” in a study of 10 million infected files in early January, or 0.4 per cent of malware strains sampled. These cybercrime chimeras pose a greater risk to infected users than standard malware, the Romanian antivirus firm warns.

“If you get one of these hybrids on your system, you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus,” said Loredana Botezatu, the BitDefender analyst who carried out the study. “The advent of malware sandwiches throws a new twist into the world of malware. They spread more efficiently, and will become increasingly difficult to predict.”

BitDefender doesn’t have historical data to go on. Even so it posits that frankenmalware is likely to grow at the same rate as regular computer viruses, or about 17 per cent year on year.

There’s really unlimited possibilities with this, and the great thing (to me anyway) is that it occurred by complete accident. I guess the next step up would be virus authors purposely hunting down worm files and infecting them with additional capabilities.

There’s always been cases of malware in the past that hunt down other malware and remove them from the host machine.


All of the malware hybrids analysed by BitDefender so far have been created accidentally. However, the risk posed by these combos could increase dramatically as crooks latch onto the idea of deliberately splicing malware strains together to see what sticks. This is on top of efforts by blackhat coders to add extra features to others’ viruses and unleash the updated builds onto the unsuspecting public.

BitDefender carried out its study after finding a sample of the Rimecud worm that was infected by the Virtob file infector. Rimecud is designed to steal online passwords for e-banking or e-mail accounts, among other functions. Virtob creates a hacker-controlled backdoor on infected systems.

“Imagine these two pieces of malware working together – willingly or not – on the same compromised system,” Botezatu explains. “That PC faces a twofold malware with twice as many command and control servers to query for instructions; moreover, there are two backdoors open, two attack techniques active and various spreading methods put in place. Where one fails, the other succeeds.”

I wonder what will happen in the future with this and if the bad guys will really jump on this already sailing ship and use it to their advantage.

If you are interested you can read more on BitDefender’s Malware city blog here:

Virus infects worm by mistake

Source: The Register

Posted in: Malware

,


Latest Posts:


BootStomp - Find Bootloader Vulnerabilities BootStomp – Find Android Bootloader Vulnerabilities
BootStomp is a Python-based tool, with Docker support that helps you find two different classes of bootloader vulnerabilities and bugs.
Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018
Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68.
altdns - Subdomain Recon Tool With Permutation Generation altdns – Subdomain Recon Tool With Permutation Generation
Altdns is a subdomain recon tool in Python that allows for the discovery of subdomains that conform to patterns. The tool takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.
0-Day Flash Vulnerability Exploited In The Wild 0-Day Flash Vulnerability Exploited In The Wild
So another 0-Day Flash Vulnerability is being exploited in the Wild, a previously unknown flaw which has been labelled CVE-2018-4878 and it affects 28.0.0.137 and earlier versions
dorkbot - Command-Line Tool For Google Dorking dorkbot – Command-Line Tool For Google Dorking
dorkbot is a modular command-line tool for Google dorking, which is performing vulnerability scans against a set of web pages returned by Google search queries in a given Google Custom Search Engine.
USBPcap - USB Packet Capture For Windows USBPcap – USB Packet Capture For Windows
USBPcap is an open-source USB Packet Capture tool for Windows that can be used together with Wireshark in order to analyse USB traffic without using a Virtual Machine.


5 Responses to Super Powered Malware Sandwiches Found In The Wild – Frankenmalware

  1. Kevin Flynn January 25, 2012 at 8:13 pm #

    There’s an XLCD toon where the black hat has a VN of boxes all infected with whatevers out there..all competing for system resources, evolving…I imagine som is now going to try that for real.

  2. Bogwitch January 27, 2012 at 9:51 am #

    And thus, Skynet was born.

  3. m1t0s1s February 23, 2012 at 4:46 am #

    I’ve imagined the ultimate for awhile now. It would be polymorphic,re-encrypts itself based on hashing random hd sectors, stay quiet. It would have a randomness to evade detection. It wouldn’t cause any damage, and on infection it would choose a random time from one week or more to x weeks to start spreading itself via any of a maltitude of vectors.

    It would have an entropy that would be hard to track.