Collaboration key to malware success, says Microsoft


Warwick Ashford

Collaborative malware is one of the latest techniques cyber attackers are using to ensure their malicious programs cannot be removed from infected computers, says Microsoft.

The company’s Malware Protection Center (MMPC) has found that the Vobfus and Beebone families of malware constantly update each other with new variants to make them resilient to antivirus products.

“Updated antivirus products may detect one variant present on the system; however, newer downloaded variants may not be detected immediately,” wrote Hyun Choi in an MMPC blog post.

A typical self-updating malware family that just updates itself can be remediated once it is detected, because once removed from the system it cannot download newer versions of itself.

However, in the case of Vobfus, even if it is detected and remediated, it could have downloaded an undetected Beebone, which can in turn download an undetected variant of Vobfus, wrote Choi.

Typically, a machine is infected with Vobfus through removable media or mapped drives.

Vobfus then contacts its command and control to get instructions for downloading Beebone to the same machine. Simultaneously, Vobfus infects other removable media and mapped drives.

In the third stage, Beebone contacts its command and control for instructions on downloading Vobfus updates and variants, as well as other malware.

Finally, the new variant of Vobfus downloads new variants of Beebone and simultaneously infects removable media and mapped drives.

To prevent Vobfus and Beebone gaining and maintaining a foothold on computers, Microsoft recommends using caution when clicking external links and keeping browsers and other software, including antivirus, up to date.

Because Vobfus is primarily downloaded by Beebone or spread via removable drives, a possible method of prevention is disabling autorun functionality, wrote Choi.
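Autorun on Windows is driven by an `autorun.inf` file in a drive's root, so alongside disabling the feature a defender can audit removable media and mapped drives for files that would launch a program. The following is an added example, not code from Microsoft or the original article; the function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# [autorun] keys that start a program when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:            # filler without '=' is skipped
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_directives(entries):
    """Keep only directives that run a command, including shell\\<verb>\\command."""
    return {k: v for k, v in entries.items()
            if k in LAUNCH_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))}

def audit_drive(root):
    """Return launch directives from <root>/autorun.inf (any letter case), or {}."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            if data.startswith(b"\xef\xbb\xbf"):    # drop a UTF-8 BOM
                data = data[3:]
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
            return launch_directives(parse_autorun(data.decode(enc, errors="replace")))
    return {}

# Constructed sample file, not taken from any real infection.
SAMPLE = ("; constructed sample\n[AutoRun]\nicon=folder.ico\nOpen = sample.exe\n"
          "random filler line\nshell\\open\\command=sample.exe /x\n"
          "[Other]\nopen=ignored.exe\n")

def demo():
    """Write SAMPLE into a temporary 'drive root' and audit it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.INF"), "w") as fh:
            fh.write(SAMPLE)
        return audit_drive(root)

if __name__ == "__main__":
    for key, command in demo().items():
        print(f"{key} -> {command}")
```

Point `audit_drive` at each removable or mapped drive root; any non-empty result names a command that would have run had autorun been enabled.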

