Bitdefender researchers find evidence of viruses infecting worms creating new form of malware

Jan 27, 2012 by Bob Yirka report
Keyboard

(PhysOrg.com) -- Romania based antivirus software company Softwin, makers of Bitdefender, have announced that they have found multiple instances of computers being infected with worms that have been infected by viruses, creating what they describe as a new Frankenstein piece of malware that should have users all over the world concerned as the new resultant mutant offspring may be more destructive than either alone and more difficult to detect by traditional software programs.

The problem they say, occurs when a computer becomes infected by a that has already been infected by a worm. Because worms tend to exist as executable (.exe) files and viruses tend to infect executable files, it’s only a matter of time before a preexisting worm becomes infected with a virus that manages to make its way onto the computer as well. And while the idea of a mutant bit of on a computer seems much worse than the traditional fare, thus far, the research team at Bitdefender doesn’t seem to have any evidence backing up its claim that the new double-whammy worm/virus combo is actually any more destructive than either would be alone if both existed as separate entities on the same computer. Although it does seem plausible that such a type of coexistence could allow viruses to spread much more easily through a network than it could were it to go it alone, as worms are generally much better at doing so.

In their announcement, the research team says it found 40,000 instances of the mutated malware out of a sample of ten million files; a hit rate of 0.4 percent. One such instance was the Virtob virus infecting worms such as the Rimecud, a potentially potent combination as Rimecud was designed to steal information such as passwords, and Virtob to create a hacker-controlled back door. Thus the two combined could find private information and then allow a hacker to sneak in and use that information to access private accounts such as for banks or credit cards.

One issue not addressed in the announcement however was the degree of damage to the worm caused by the virus upon attack, the purpose of most viruses after all, is to wreak havoc. If extensive enough, damage to a worm could kill it or make it unable to do its job which would mean no viable mutant malware would result.

Thus far the researchers say, they don’t believe the virus attacks on worms were intentional or planned by makers of either, but it’s clearly not beyond the realm of possibility now that the option has been raised, and if that does occur, it most certainly could pose a very serious threat to computers and networks the world over.

Explore further: Microsoft to spotlight new Windows software September 30

More information:
via Malware City

Related Stories

Help! How to avoid fast-moving computer worm

Jan 28, 2009

Since early January, a worm that has been referred to by several names, including "Downadup," "Kido" and "Conficker," has been infecting millions of computers around the world. The worm exploits a previously discovered vulnerability ...

Conficker Worm Prepares For A New Release On April 1

Mar 27, 2009

(PhysOrg.com) -- The conficker worm created havoc last year when it infected over 10 million computers on a global scale. The unique design of the conficker worm allowed for this large scale attack to over ...

Conficker worm dabbling with mischief

Apr 28, 2009

The Conficker worm's creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called "scareware."

Recommended for you

Tokyo Game Show: On the hunt for the next Minecraft

10 hours ago

The staggering $2.5 billion that Microsoft has just shelled out for Minecraft and its quirky graphics will be foremost in developers' minds at the Tokyo Game Show this week, where simple yet immersive games ...

Better non-functional security tests for software

Sep 15, 2014

The integration of digital expert knowledge and automation of risk analyses can greatly improve software test procedures and make cloud computing more secure. This is shown by the latest results of a project ...

'Grand Theft Auto V' to hit PS4 and Xbox One

Sep 12, 2014

Rockstar Games on Friday announced that the latest installment of its crime-themed blockbuster video game "Grand Theft Auto" will hit PlayStation 4 and Xbox One consoles in November.

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

supercat765
3 / 5 (2) Jan 27, 2012
this could be used as a good thing by creating a computer version of a retrovirus so it would just attack and destroy worm programs it finds.
cmn
5 / 5 (3) Jan 27, 2012
That happened before, years ago, someone created a worm (Welchia) that patched a hole created/used by a different worm (Blaster). As a technician at the time, we still had to disinfect/rebuild computers infected with Welchia because the worm was still a security risk and took up network resources.

This is sort of an interesting phenomenon, as similar things seem to happen in nature, where various pathogens combine and cohabitate, sharing their DNA. It would be neat if these viruses/worms eventually evolved in the wild beyond their initial programming, taking on many different roles/exploits.
Shifty0x88
not rated yet Jan 27, 2012
I believe a lot of the botnet for sale have this type of capability but usually it is to render the other piece of malware inert so that the botnet software can do it's thing without having to deal with another program making noise to the user or causing the user to fix both issues.

I wish supercat765, I wish someone actually came up with a "good" retrovirus but then they would be as legally liable as any other "bad" malware writer.