Collaboration key to malware success, says Microsoft

Warwick Ashford

Collaborative malware is one of the latest techniques cyber attackers are using to ensure their malicious programs cannot be removed from infected computers, says Microsoft.

The company’s Malware Protection Center (MMPC) has found that the Vobfus and Beebone families of malware constantly update each other with new variants to make them resilient to antivirus products.

“Updated antivirus products may detect one variant present on the system; however, newer downloaded variants may not be detected immediately,” wrote Hyun Choi in an MMPC blog post.

A typical self-updating malware family that just updates itself can be remediated once it is detected, because once removed from the system it cannot download newer versions of itself.

However, in the case of Vobfus, even if it is detected and remediated, it could already have downloaded an undetected Beebone, which can in turn download an undetected variant of Vobfus, wrote Choi.

Typically, a machine is infected with Vobfus through removable media or mapped drives.

Vobfus then contacts its command and control to get instructions for downloading Beebone to the same machine. Simultaneously, Vobfus infects other removable media and mapped drives.

In the third stage, Beebone contacts its command and control for instructions on downloading Vobfus updates and variants, as well as other malware.

Finally, the new variant of Vobfus downloads new variants of Beebone and simultaneously infects removable media and mapped drives.

To prevent Vobfus and Beebone gaining and maintaining a foothold on computers, Microsoft recommends using caution when clicking external links and keeping browsers and other software, including antivirus, up to date.

Because Vobfus is primarily downloaded by Beebone or spread via removable drives, a possible method of prevention is disabling autorun functionality, wrote Choi.
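As an added illustration of that recommendation (not code from the MMPC post), the PowerShell below audits the Windows `NoDriveTypeAutoRun` policy value and reports whether AutoRun is still allowed on removable and network (mapped) drives, the two drive types the article names. The function name `Get-AutoRunExposure` is hypothetical; the registry value and its bit flags are the standard Windows policy setting.

```powershell
# Added example: audit AutoRun policy for removable and mapped (network) drives.
# A set bit in NoDriveTypeAutoRun disables AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown (0x01)' = 0x01
    'Removable'      = 0x04
    'Fixed'          = 0x08
    'Network'        = 0x10
    'CD-ROM'         = 0x20
    'RAM disk'       = 0x40
    'Unknown (0x80)' = 0x80
}

# Hypothetical helper: list drive types for which AutoRun is still allowed.
function Get-AutoRunExposure {
    param([int]$Mask)
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

foreach ($path in $PolicyPaths) {
    $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
                  -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $value) {
        Write-Output "$path : NoDriveTypeAutoRun not set (OS default applies)"
        continue
    }
    # Only removable and network drives matter for the spread path described above.
    $risky = @(Get-AutoRunExposure -Mask $value |
                   Where-Object { $_ -in 'Removable', 'Network' })
    if ($risky.Count -gt 0) {
        Write-Output ("{0} : 0x{1:X2} - AutoRun still allowed on: {2}" -f $path, $value, ($risky -join ', '))
    } else {
        Write-Output ("{0} : 0x{1:X2} - AutoRun disabled for removable and network drives" -f $path, $value)
    }
}

# To disable AutoRun on all drive types machine-wide (run elevated):
# New-Item -Path $PolicyPaths[0] -Force | Out-Null
# Set-ItemProperty -Path $PolicyPaths[0] -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
```

On domain-joined machines the same value is normally enforced through Group Policy rather than set per host.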
