Malware that creates a download loop
Posted by: TimW on 07/03/2013 02:51 PM
Some of the most difficult malware to remove is malware that feeds off other malware, such as the Vobfus worm and Beebone Trojan families. Microsoft’s Malware Protection Center observed an infection cycle in the wild in which Vobfus variants download Beebone variants, which in turn download more Vobfus malware, which then downloads other strains of Beebone that do the same thing, presumably until someone steps in and stops it.
The Vobfus-Beebone infections are unique in that they appear to create a self-perpetuating and never-ending loop of malware infections that are reportedly difficult to remove.
“This cyclical relationship between Beebone and Vobfus downloading each other is the reason why Vobfus may seem so resilient to antivirus products,” Microsoft’s Hyun Choi wrote for TechNet. “Vobfus and Beebone can constantly update each other with new variants. Updated antivirus products may detect one variant present on the system; however, newer downloaded variants may not be detected immediately.”
Almost all malware is designed to update itself. With these strains, however, you might not catch the most recent version of Beebone (or any of the other malware it summons from its C&C), which will subsequently re-download the newest, as yet undetectable version of Vobfus.