Collaborative malware is one of the latest techniques cyber attackers are using to ensure their malicious programs cannot be removed from infected computers, says Microsoft.
“Updated antivirus products may detect one variant present on the system; however, newer downloaded variants may not be detected immediately,” wrote Hyun Choi in an MMPC blog post.
A typical self-updating malware family can be remediated once it is detected, because once it has been removed from the system it cannot download newer versions of itself.
However, in the case of Vobfus, even if it is detected and remediated, it could have downloaded an undetected Beebone, which can in turn download an undetected variant of Vobfus, wrote Choi.
Vobfus then contacts its command and control to get instructions for downloading Beebone to the same machine. Simultaneously, Vobfus infects other removable media and mapped drives.
In the third stage, Beebone contacts its command and control for instructions on downloading Vobfus updates and variants, as well as other malware.
Finally, the new variant of Vobfus downloads new variants of Beebone and simultaneously infects removable media and mapped drives.
To prevent Vobfus and Beebone gaining and maintaining a foothold on computers, Microsoft recommends using caution when clicking external links and keeping browsers and other software, including antivirus, up to date.
Because Vobfus is primarily downloaded by Beebone or spread via removable drives, a possible method of prevention is disabling autorun functionality, wrote Choi.
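The autorun advice above, as an added example that is not from the article or from Microsoft: a PowerShell script that audits the NoDriveTypeAutoRun policy value (the documented Windows mechanism for switching off AutoRun per drive type) and, if asked, sets it so that AutoRun is off for every drive type. The registry path, value name and 0xFF bitmask are standard Windows facts rather than anything taken from the page; the script and function names are the example's own.

```powershell
# Added example (not from the article or Microsoft): audit and optionally enforce
# the Windows AutoRun policy. Writing the HKLM policy key needs an elevated session.
param([switch]$Remediate)

$PolicyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName    = 'NoDriveTypeAutoRun'
$AllDrivesOff = 0xFF   # bitmask: each set bit disables AutoRun for one drive type

function Get-AutorunPolicy {
    # Returns the current bitmask, or $null when the policy value has never been set
    # (Windows then falls back to its built-in default, which leaves AutoRun enabled
    # for some drive types, removable media included).
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-AutorunDisabled {
    # AutoRun is fully disabled only when every drive-type bit is set.
    $current = Get-AutorunPolicy
    return ($null -ne $current) -and (($current -band $AllDrivesOff) -eq $AllDrivesOff)
}

function Disable-Autorun {
    # Creates the policy key if it does not exist and forces the all-drives-off value.
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyPath -Name $ValueName -Value $AllDrivesOff -Type DWord
}

# Report the current state, then remediate only when -Remediate was passed.
$before = Get-AutorunPolicy
$shown  = if ($null -eq $before) { '<not set>' } else { '0x{0:X2}' -f $before }
Write-Host ("NoDriveTypeAutoRun = {0}; AutoRun fully disabled: {1}" -f $shown, (Test-AutorunDisabled))

if ($Remediate -and -not (Test-AutorunDisabled)) {
    Disable-Autorun
    Write-Host "Policy set to 0xFF; sign out or restart Explorer for it to take effect."
}
```

Run it without arguments on each machine to audit, and with -Remediate from an elevated prompt to enforce the setting; for a fleet the same value is normally pushed through Group Policy rather than per host.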