Collaboration key to malware success, says Microsoft

Collaborative malware is one of the latest techniques cyber attackers are using to ensure their malicious programs cannot be removed from infected computers, says Microsoft.

The company’s Malware Protection Center (MMPC) has found that the Vobfus and Beebone families of malware constantly update each other with new variants to make them resilient to antivirus products.

“Updated antivirus products may detect one variant present on the system; however, newer downloaded variants may not be detected immediately,” wrote Hyun Choi in an MMPC blog post.

A typical self-updating malware family that just updates itself can be remediated once it is detected, because once removed from the system it cannot download newer versions of itself.

However, in the case of Vobfus, even if it is detected and remediated, it could have downloaded an undetected Beebone, which can in turn download an undetected variant of Vobfus, wrote Choi.

Typically, a machine is infected with Vobfus through removable media or mapped drives.

Vobfus then contacts its command and control to get instructions for downloading Beebone to the same machine. Simultaneously, Vobfus infects other removable media and mapped drives.

In the third stage, Beebone contacts its command and control for instructions on downloading Vobfus updates and variants, as well as other malware.

Finally, the new variant of Vobfus downloads new variants of Beebone and simultaneously infects removable media and mapped drives.

To prevent Vobfus and Beebone gaining and maintaining a foothold on computers, Microsoft recommends using caution when clicking external links and keeping browsers and other software, including antivirus, up to date.

Because Vobfus is primarily downloaded by Beebone or spread via removable drives, a possible method of prevention is disabling autorun functionality, wrote Choi.
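The following PowerShell sketch is an added example, not code from Microsoft or from the MMPC post. It audits the standard Windows `NoDriveTypeAutoRun` policy value and reports whether AutoRun is still allowed on the two drive types the article names as infection routes, removable media and mapped (network) drives. The function name `Test-AutoRunPolicy` and the `-Enforce` switch are hypothetical names chosen for this example.

```powershell
# Added example. NoDriveTypeAutoRun is a bitmask: a set bit DISABLES AutoRun
# for that drive type. 0xFF disables it for every drive type.
$DriveTypeBits = [ordered]@{
    'Removable' = 0x04   # USB sticks and other removable media
    'Fixed'     = 0x08
    'Network'   = 0x10   # mapped drives
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}
$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Test-AutoRunPolicy {
    param([switch]$Enforce)   # -Enforce writes 0xFF; needs admin rights for HKLM

    foreach ($path in $PolicyPaths) {
        $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
                    -ErrorAction SilentlyContinue).NoDriveTypeAutoRun

        if ($null -eq $value) {
            Write-Output "$path : NoDriveTypeAutoRun not set (OS default applies)"
        } else {
            # Drive types whose bit is clear still have AutoRun allowed.
            $exposed = @($DriveTypeBits.GetEnumerator() |
                Where-Object { ($value -band $_.Value) -eq 0 } |
                ForEach-Object { $_.Key })
            $risky = @($exposed | Where-Object { $_ -in 'Removable', 'Network' })

            Write-Output ("{0} : 0x{1:X2}, AutoRun allowed on: {2}" -f `
                $path, $value, ($(if ($exposed) { $exposed -join ', ' } else { 'none' })))
            if ($risky) {
                Write-Warning "AutoRun still allowed on: $($risky -join ', ')"
            }
        }

        if ($Enforce) {
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF `
                -PropertyType DWord -Force | Out-Null
            Write-Output "$path : set to 0xFF (AutoRun disabled for all drive types)"
        }
    }
}

Test-AutoRunPolicy            # audit only; add -Enforce to apply 0xFF
```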
