
Super-powered 'frankenmalware' strains detected in the wild

Viruses are accidentally infecting worms on victims’ computers, creating super-powered strains of hybrid software nasties. The monster malware spreads quicker than before, screws up systems worse than ever, and exposes private data in a way not even envisioned by the original virus writers. A study by antivirus outfit …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Yawn

Antivirus vendor spreads more FEAR in order to drive more sales rather than offering free advice to keep people's systems safe.

9
2
Go

Free advice is seldom cheap: Rule of Acquisition #59

I should know. Free advice on a site I maintain cost me about C$25k over the last six years.

1
0
Coat

The malware has been doubled!

The computer might explode! And explode again!

8
0
Anonymous Coward

Hybrids?

“If you get one of these hybrids on your system, you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus,” said the man who claims it can all be prevented if everyone would only apply snake oil properly, which he coincidentally can let you have some of for a small consideration.

5
1

Can we get a Beaker from the Muppets icon? I think a giant meep sounds appropriate for this kind of story.

5
0
Boffin

Seconded

<---- Let's drop this icon in favour of Beaker

0
0
Silver badge
Devil

Security company advises that Virii are "Dangerous".

>you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus,

or even Death....................

The Fear Factor gotta love it....

2
1
Boffin

Advent?!

Malware sandwiches have been with us since the time of the Jerusalem virus (remember that one?).

Even more interesting (but similarly not new), some computer viruses can "mate" and exchange malicious code, resulting in new, previously unknown variants. Used to happen a lot in the MacOS (that was before Apple switched to a Linux variant for the OS of the Macs, for you youngsters out there) and the macro virus world.

But self-replicating malware (i.e., viruses) is mostly irrelevant nowadays. Most of the infections are caused by various kinds of Trojan horses (i.e., malware that does not replicate itself).

So, I'd classify this "news" item as "yet another AV company seeking attention".

3
1
Bronze badge
FAIL

Linux variant????

MacOS X is many things, some good, some bad, but it is not a Linux variant.

((Check the history: it is derived via NeXTSTEP from CMU's Mach kernel, and this work pre-dates Linux by a few years. The other ingredients in the sauce are parts of FreeBSD and NetBSD.))

FAIL icon for you, then...

(The points made about malware itself are sound.)

4
1
Silver badge
Thumb Up

"the time of the Jerusalem virus"

Jesus as Patient Zero of a new replicator meme complex?

0
0
Anonymous Coward

Wot no smugness?

Where's all the Apple/Linux/BSD/Plan9/Amiga/ZX Spectrum fanbois to tell us they're immune to such nonsense and why Windows is a doomed ship?

2
2
Silver badge

Smugness?

hahaha, I remember the Amiga viruses... and these were MENS viruses, not these namby pamby information stealing bits of fluff the yung'uns of today complain about. These modern fandangled things are so busy trying to steal information that they forget to deliver trippy payload screens, randomly formatting every media unit they can find and still find time to insult you and the other virus writers.

sheesh... the youth of today...

10
0
Joke

...and...

if you tried to tell that to the youth today, they wouldn't believe you!

0
0
Anonymous Coward

@AC 12:26GMT - No time for that! We're all busy running AV scanners on

our Linux/Unix/*BSD/MacOS X machines to search for Windows viruses. (Guffaws all around, keyboards soaked with coffee and so on).

Sorry but you asked for it!

0
0
Silver badge
Happy

I remember well

The last virus infection, apart from the malware I deliberately infect VMs with, was the Saddam virus on my Amiga; now that was a proper man flu infection.

Yes you read right, I am being very smug indeed, I have not had a virus on any of my Windows or Linux boxes ever. I am very careful, although not being infallible I expect luck has a bit to do with it too.

Famous last words.... Perhaps my bank details are on their way to China or Russia now and my machine will fail to boot tomorrow 'cos the hard disk has been formatted. Good job I back up all my important and personal data in plain text to the cloud.

0
1

No virus... that you know of.

"I am being very smug indeed, I have not had a virus on any of my Windows or Linux boxes ever."

That you know of.

They don't exactly advertise their presence these days.

1
0
Gold badge
FAIL

"BitDefender doesn't have historical data to go on."

"All of the malware hybrids analysed by BitDefender so far have been created accidentally."

"BitDefender carried out its study after finding a sample of the Rimecud worm that was infected by the Virtob file infector."

Erm, so BitDefender have made the "discovery" that viruses infect files and the separate discovery that (on an infected machine) some of those files will be other viruses or worms. Furthermore, they apparently *haven't* made the discovery that usually this is done on purpose. (Modern malware generally combines several different strategies to maximise the chances of success. Even in the popular press, virus descriptions generally make this point.)

So in the absence of any clue, or historical data, they are announcing that the sky is falling. Sheesh! Even by the standards of AV press releases, this one is pretty lame.

2
2
Silver badge
Joke

What?

Nobody has welcomed our Frankenmalware chimeric worm-virus overlords?

I am astonished!!

3
0
Bronze badge
Boffin

The real danger is exponential explosion

According to the linked post, hybrids have *different* signatures to their progenitors. So, suddenly, instead of N signatures, the database has to store N(N-1) signatures. And, presumably, the only way to calculate them is either to produce the hybrid in the lab or to locate it in the wild. So, even after a signature is released, there might be a window when no signature exists for viable hybrids.

And then, I suppose, there's a chance the hybrid can be infected by another piece of malware. How far will it go O(N^3), O(N^4)? How big does the database have to become? How long does it take to produce all the signatures? There *is* a danger here. And I rely on the "snake oil" to protect my mom/girlfriend/kid from being infected. So let's hope virus writers don't start coding with this in mind, or what we call "malware" might become genes in the first piece of artificial life. But for the moment, I won't be losing any sleep.

0
0
Anonymous Coward

re: How big does the database have to become?

I don't think it will take much more to detect a hybrid than to detect its component parts - it will still retain the characteristics of these. AIUI the threat is more about the increase of available infection vectors, which might allow an outbreak to spread faster and further.

0
0
Silver badge
Boffin

"According to the linked post, hybrids have *different* signatures to their progenitors."

No, according to the blog post, a hypothetical situation may occur where AV software disinfects the latest infection, leaving the file with the previous infection(s), but due to a weakness in the disinfection process, the previous infections no longer have the original signature.

This is a) hypothetical only, b) more indicative of a flawed disinfection process than a new danger posed by malware hybrids, and c) not likely to produce a N(N-1) situation because the signature modification happens in the disinfection process, not the infection process. So the more likely number of signatures required would be N(F) where F is the number of distinct (i.e., producing different artifacts) flawed disinfection routines. And the solution is to fix the disinfection routines.

0
0
Anonymous Coward

Which platform?

On which platform/operating system is this? Windows? Another reason to deinstall it.

1
2
Anonymous Coward

re: Which platform?

Probably the most common one, because that's the one that provides most potential for proliferation. Simples.

0
0
Megaphone

There fixed it for you-

Viruses are accidentally infecting worms on victims’ Windows computers,

0
0

Didn't need fixing.

It didn't need fixing since Windows is ubiquitous. A few niche or hobby OSes don't count.

Now I don't believe that, but I thought I'd give you a sample of what ignorant, patronising shite coming towards you was like rather than radiating away from you as per the norm.

2
2
Facepalm

This is a new thing?

Umm, this has been going on for a long time, but not put into these exact words... Most Malware infections include a combination of rootkits, trojans, and other variants of malware by the time many users bring their systems to the shop. If they can get infected, and not break the PC, then they technically work together. Much like sometimes you can have 2 antiviruses on a computer and have it not break windows, you don't call that Mega-protection. The fact people are pointing out the fact malware can combine if they don't break each other, seems kind of strange to me on an IT site. It would make some kind of sense on the mainstream media, because they are about 5-10 years behind reality when it comes to technology and science.

But don't listen to me, just a filthy peasant :P

0
0
Silver badge
Meh

http://en.wikipedia.org/wiki/Core_War

I think it is extremely unlikely that successful hybrids will be created accidentally. This is not a large physically grounded system with high parallelism. Here, we have a few thousands computers in which "hybridized code" implies higher success at crashing & burning, not at hiding, surviving and infecting.

As to why anyone would develop such a thing knowingly ... beats me. Why not just pack everything into a known correct package?

0
0
Jop
Mushroom

If I'm not mistaken

An AV using heuristics should spot the first virus on the system and also the second. For the same reasons it would detect the hybrid too.

On an AV not using heuristics that looks for strings/identifiers, it should spot both individual viri. A hybrid of the two should still have the identifying marks of the second virus to infect the first, so would still be identifiable as long as the AV has the definition for it.

So the result is no different from having 2 different viri on your computer. They are not giving the other viri any extra features or spreading any of the code of each other. It is not parasitic in any way. It would have to be coded to be parasitic and use the code of another infection.

The only thing I can see is that one virus may stay hidden due to double encryption of a file by the second virus but this should be spotted at run time. In any case the AV should catch the first virus anyway.

Am I missing something?

0
0
Gold badge

Re: Am I missing something?

Dunno, to be honest, since I don't write AV code. But I can speculate.

Heuristics are unreliable, so a system based on heuristics needs lots of ticks on its check-list before it dares to flag a program as a virus. Therefore, small changes in behaviour may well be enough to get past heuristics, unless the heuristics are cranked up to Total Paranoia mode, in which case the heuristics probably start flagging up the OS as a virus. (Guess: this is already happening and is the real reason behind the occasional tendency of some AV offerings to brick Windows systems.)

Signatures similarly can't afford to be too short, or else legitimate applications will, by chance, have the same sequence of instructions. Almost any modification, and that certainly includes patching by another virus, might be enough to invalidate signature-based checks, possibly even for both viruses.

On the other hand, this is not a new phenomenon. It has *always* been possible for one virus to infect another. Therefore, I think we already know how effective AV software will be, because it already *is* dealing with this problem.

0
0
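The two posts above argue about the same mechanism from opposite sides: Jop's point that a file carrying two infections still carries both identifying marks, and the earlier reply (about the blog post's hypothetical) that a flawed disinfection routine can strip the latest infection while damaging the remaining one so its signature no longer matches. The toy model below is an added example, not code from the article, from BitDefender, or from any commenter; the byte "signatures", the host file, the infector bodies and the flawed routine's off-by-three slice are all constructed here to make the two outcomes observable with a plain substring scanner.

```python
"""Toy string-signature scanner with a correct and a flawed disinfection routine.

Constructed example: the signatures, host bytes and infection layout are invented
for illustration and do not correspond to any real malware family or AV engine.
"""

# Constructed signatures a string-matching scanner would look for (assumption:
# each infector's appended body contains its signature verbatim).
SIGNATURES = {
    "InfectorA": b"\xde\xad\xbe\xef\x41\x41",
    "InfectorB": b"\xca\xfe\xba\xbe\x42\x42",
}

# Constructed clean host file.
HOST = b"MZ" + b"\x00" * 16 + b"host-program-code"


def body_of(name: str) -> bytes:
    """Appended infector body: a delimiter, the signature bytes, a delimiter."""
    return b"<" + SIGNATURES[name] + b">"


def infect(file_bytes: bytes, name: str) -> bytes:
    """Model an appending file infector: the body is glued onto the end of the file."""
    return file_bytes + body_of(name)


def scan(file_bytes: bytes) -> list:
    """Return the names of every signature found anywhere in the file, sorted."""
    return sorted(n for n, sig in SIGNATURES.items() if sig in file_bytes)


def disinfect_correct(file_bytes: bytes, name: str) -> bytes:
    """Remove exactly the last occurrence of the named body and nothing else."""
    body = body_of(name)
    idx = file_bytes.rfind(body)
    if idx < 0:
        return file_bytes
    return file_bytes[:idx] + file_bytes[idx + len(body):]


def disinfect_flawed(file_bytes: bytes, name: str) -> bytes:
    """Model the flawed routine from the hypothetical: it cuts a window that starts
    three bytes too early, so it also eats the tail of whatever preceded the body
    (here: the end of the earlier infection, including part of its signature)."""
    body = body_of(name)
    idx = file_bytes.rfind(body)
    if idx < 0:
        return file_bytes
    start = max(0, idx - 3)          # the off-by-three bug
    return file_bytes[:start] + file_bytes[idx + len(body):]


def residue(file_bytes: bytes) -> bytes:
    """Whatever is left after the clean host: empty only if disinfection was exact."""
    return file_bytes[len(HOST):] if file_bytes.startswith(HOST) else file_bytes


def demo() -> dict:
    """Run the scenario: host infected by A, then by B; then clean B two ways."""
    doubly = infect(infect(HOST, "InfectorA"), "InfectorB")
    good = disinfect_correct(doubly, "InfectorB")
    bad = disinfect_flawed(doubly, "InfectorB")
    return {
        "double_infection": scan(doubly),        # both marks still present
        "after_correct_disinfect": scan(good),   # A remains and is still detectable
        "after_flawed_disinfect": scan(bad),     # A's code remains but is no longer matched
        "flawed_residue": residue(bad),          # the damaged leftover of A's body
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The scanner never needs a third signature for the "hybrid": a file carrying A and B matches both entries, which is Jop's point. What it does lose is the damaged remainder left by the flawed routine, which is detected by neither signature even though most of A's body is still in the file; the count that grows is one per flawed disinfector, not one per pair of infectors, as the earlier reply argued.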
CPC
Facepalm

Dear Miss Taken

you assume that the muppets getting infected are running AV or even have a clue

0
0
WTF?

breeding?

If different software can breed then why hasn't linux bred with windows to create a robust OS with a graphical frontend that can run more than just a few half-written apps?

- a disappointed linux user.

0
3
Anonymous Coward

@brainwrong - Stay with your Windows then and be happy!

We the non-Windows users do not want any of the Windows malware, WGA checks and compulsory registration included.

1
0
Gold badge

Re: breeding?

Read your Dawkins, brainwrong. Breeding is a *random* mixture of parental genes. The result is likely to be a non-robust OS that no-one can use: Ubuntu with Unity/HUD. For what you've asked for, you need intelligent design.

0
0
Mushroom

AAHHH!

IT'S HACKED MY INTERNET AND HAS CONTROL OVER MY FIREWALLS!

0
0
min

something tells me that breeding Linux and windows will produce one fugly Mule.

0
0
Anonymous Coward

@min - I believe it will rather produce this instead

Linux Genuine Advantage (just Bing for their website)

0
0
Headmaster

on the other (more realistic) hand

Computers riddled with multiple malware are probably already so compromised that there is nothing left to hack

memo to BitDefender - viruses do not "accidentally" infect other files unless you are using the word "accidentally" in its little known alternative meaning of "deliberately"

0
0
Boffin

Sounds familiar...

"Goodtimes will give you Dutch Elm disease. It will leave the toilet seat up. It will make a batch of Methamphetamine in your bathtub and then leave bacon cooking on the stove while it goes out to chase neighborhood children with your new lawnmower."

Yeah. I thought as much.

0
0

Goodtimes! :)

Dude, thanks for the chuckle and the bit of nostalgia. The original email had me about crying on the floor after half a decade of "warnings."

1
0
Happy

I was once a regular correspondent with George Smith of the Crypt Newsletter and Rob Rosenberger of Virus Myths. I picked up a pretty jaded attitude towards software security companies. Yes, they have a product and a need for it too, but they're strongly motivated to spread fear and misunderstanding.

The "goodtimes/badtimes" letter made me giggle like a lunatic. :)

1
0

Wait a second...

Isn't this just two infections on the same machine? I mean the code from one is not inserting itself into the code of the other and then infecting new machines using the new capabilities in an intentional way is it?

0
0
Anonymous Coward

Sounds like nobody had heard of polymorphic and multipartite viruses oh, I don't know, 20 years ago?

1
0