BitDefender: Viruses, Worms Escape Control to Breed Unpredictable New Computer Threat
January 2012 by Bitdefender
Viruses are accidentally infecting worms on victims’ computers, creating a new hybrid malware that can spread more rapidly and launch chaotic attacks on systems, bank accounts and data privacy in a way not envisioned even by the malware creators.
A Bitdefender analysis found 40,000 such Frankenmalware samples in a study of 10 million infected files in early January, or 0.4 percent of malware checked. If the ratio holds throughout the estimated 65 million malware samples in the world, about 260,000 of these toxic combinations could be threatening computer security.
“If you get one of these hybrids on your system, you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus,” said Bitdefender E-Threats Analyst Loredana Botezatu, who launched the study of the hybrid species of malware. “The advent of malware sandwiches throws a new twist into the world of malware. They are harder to eradicate, spread more efficiently, and will become increasingly difficult to predict.”
Although older data does not exist for these malware sandwiches, the number of such hybrids has grown in recent years and will likely continue to grow at the same pace as malware in general. A Bitdefender study estimates that malware will grow by 17 percent this year.
All of the malware hybrids analyzed by Bitdefender so far have been created accidentally. However, the risk posed by these combos could increase dramatically as crooks might begin to fabricate their own compounds, or release malware specifically streamlined to encourage the random creation of malware sandwiches, Botezatu said.
Bitdefender launched its study into malware sandwiches after finding the Rimecud worm infected by the Virtob file infector. Rimecud steals passwords for e-banking, on-line shopping, social networking or e-mail accounts, among other functions. Virtob, meanwhile, allows commands from a remote attacker, skirts firewalls, and ensures its persistence by injecting code into Winlogon, a critical process.
A chaotic hybrid of the two is already out in the wild, along with other malware sandwich combinations that can dramatically increase the risk to infected PCs, and increase the rate of infection.
“Now, imagine these two pieces of malware working together - willingly or not - on the same compromised system,” Botezatu writes in her report available at www.malwarecity.com. “That PC faces a twofold malware with twice as many command and control servers to query for instructions; moreover, there are two backdoors open, two attack techniques active and various spreading methods put in place. Where one fails, the other succeeds.”