BitDefender Finds Fresh Threat that’s Mixture of Malicious Programs
BitDefender, which analyzed 10m contaminated files, found approximately 40,000 samples of "Frankenmalware." Reportedly, these samples represent some 0.4% of detected malicious programs. According to the company, this suggests that about 260,000 hybrid samples may be circulating in cyberspace. ITProPortal published this on January 24, 2011.
The company began researching these malware sandwiches when it discovered a Rimecud worm that had been infected by a file infector, Virtob. Rimecud steals passwords for e-mail accounts, social networking, online shopping and e-banking, among other functions. Virtob, meanwhile, lets a remote attacker issue commands; the file infector also evades firewalls and makes sure it stays on the host PC by injecting code into a critical process, namely Winlogon.
Loredana Botezatu, threat analyst at BitDefender and initiator of the research into hybrid samples, said that an end user who received one of the above hybrids was likely to encounter computer problems, identity theft, financial hazards and plentiful spam, ITProPortal reported. Botezatu claimed that the emergence of malware sandwiches gave the malicious-software environment a fresh twist: they propagate far better, while becoming increasingly hard to predict.
Essentially, BitDefender asserts that one kind of malware can infect another. The company examined 2 contaminated PCs, drawn from the total of affected computers that had viruses, and found that those viruses had infected all software that ran, as well as the other malware present on the examined PCs.
Analyzing modern viruses, the company stated that they expend immense effort on concealing themselves, which means they let the infected software on the host PC function as though no infection had ever occurred. When a virus infects a Trojan, both being malicious programs, it is highly likely that the Trojan will continue to function as usual. In that situation, the computer is compromised by the two pieces of malware separately.
Moreover, there would be two sets of C&C servers from which the two pieces of malware receive instructions; 2 backdoors would be created, 2 attack methods would be activated, and different propagation techniques would be launched. Hence, if one piece of malware turned out unsuccessful, the other would work, Botezatu explained, as ITProPortal reported.
» SPAMfighter News - 01-02-2012