Malware alliances a new headache for antivirus software
3 July 2013
There’s a fascinating story on the BBC website about a pair of symbiotic PC viruses that help each other to survive by regularly downloading updated versions of each other.
The close relationship between the two viruses was uncovered by Microsoft malware researcher Hyun Choi, who found that Win32/Vobfus had a cyclical relationship with Win32/Beebone.
Choi blogged that the two threat families "are intrinsically related" and the relationship "between Beebone and Vobfus downloading each other is the reason why Vobfus may seem so resilient to antivirus products".
Vobfus and Beebone are able to constantly update each other with new variants. Choi points out that "even if Vobfus is detected and remediated, it could have downloaded an undetected Beebone which can, in turn, download an undetected variant of Vobfus".
Leaving aside the increased danger Vobfus and Beebone represent, my first thought was that it represented an impressively symbiotic piece of programming, although with the obvious caveat that this type of ingenuity is being wasted on this type of criminal endeavour.
Of course, from a commercial point of view this probably wouldn’t be too hard to replicate and, now I come to think of it, in terms of my everyday use, it’s a bit like OS X and iTunes, for example. On occasion, when I’ve updated OS X, I’ve found that when I open iTunes for the first time I have been prompted to install the latest version of Apple’s media programme.
So I guess that actually it’s not that surprising (or impressive) that someone from the other side of the tracks has decided to do something similar with malware although, obviously, it has to be done secretly and undetected by the user.
What is potentially concerning, however, is that malware authors are using techniques that have been applied within OSes and applications on a commercial basis for illicit gain. As such, they have created a vulnerability from a convenient feature that exists within OSes to make life easier for users.
Sadly, it would appear that making things easier for the user can sometimes equate with making life easier for the bad guys too. This ties in with the wider balancing act in the IT world between making things easier to use and making them more secure. It’s ironic that the malware writers have managed to achieve just that by creating programmes that are easy to install but more secure.