Bitdefender researchers find evidence of viruses infecting worms creating new form of malware

January 27, 2012 by Bob Yirka

Romania-based antivirus software company Softwin, maker of Bitdefender, has announced that its researchers have found multiple instances of computers infected with worms that have themselves been infected by viruses, creating what they describe as a new Frankenstein piece of malware that should concern users all over the world, as the resulting mutant offspring may be more destructive than either alone and more difficult for traditional software programs to detect.

The problem, they say, occurs when a computer becomes infected by a virus that has already been infected by a worm. Because worms tend to exist as executable (.exe) files and viruses tend to infect executable files, it's only a matter of time before a preexisting worm becomes infected with a virus that manages to make its way onto the computer as well. And while the idea of a mutant bit of malware on a computer seems much worse than the traditional fare, thus far the research team at Bitdefender doesn't seem to have any evidence backing up its claim that the new double-whammy worm/virus combo is actually any more destructive than the two would be as separate entities on the same computer. It does seem plausible, though, that such coexistence could allow a virus to spread much more easily through a network than it could on its own, as worms are generally much better at doing so.

In their announcement, the research team says it found 40,000 instances of the mutated malware in a sample of ten million files, a hit rate of 0.4 percent. One such instance was the Virtob virus infecting worms such as Rimecud, a potentially potent combination, as Rimecud was designed to steal information such as passwords and Virtob to create a hacker-controlled back door. The two combined could thus find private information and then allow a hacker to sneak in and use that information to access private accounts, such as those for banks or credit cards.

One issue not addressed in the announcement, however, was the degree of damage the virus causes to the worm upon attack; the purpose of most viruses, after all, is to wreak havoc. If extensive enough, damage to a worm could kill it or make it unable to do its job, which would mean no viable mutant malware would result.

Thus far, the researchers say, they don't believe the virus attacks on worms were intentional or planned by the makers of either, but it's clearly not beyond the realm of possibility now that the option has been raised. If that does occur, it most certainly could pose a very serious threat to computers and networks the world over.

More information:
via Malware City


3 / 5 (2) Jan 27, 2012
This could be used as a good thing by creating a computer version of a retrovirus so it would just attack and destroy worm programs it finds.
5 / 5 (3) Jan 27, 2012
That happened before: years ago, someone created a worm (Welchia) that patched a hole created/used by a different worm (Blaster). As a technician at the time, we still had to disinfect/rebuild computers infected with Welchia because the worm was still a security risk and took up network resources.

This is sort of an interesting phenomenon, as similar things seem to happen in nature, where various pathogens combine and cohabitate, sharing their DNA. It would be neat if these viruses/worms eventually evolved in the wild beyond their initial programming, taking on many different roles/exploits.
not rated yet Jan 27, 2012
I believe a lot of the botnets for sale have this type of capability, but usually it is to render the other piece of malware inert so that the botnet software can do its thing without having to deal with another program making noise to the user or causing the user to fix both issues.

I wish supercat765, I wish someone actually came up with a "good" retrovirus but then they would be as legally liable as any other "bad" malware writer.
