Malware writers are constantly tweaking their nasty creations to evade upgraded security, spread faster and cause more damage. Now, in an unprecedented and frightening development, malware has been spotted that evolves on its own, leeching onto other strains and multiplying its powers, without any human interaction.
These "malware sandwiches," as the security firm Bitdefender called them, occur when a virus reaches a system already infected by a worm, and rather than independently attacking the network, the virus infects the executable files on the computer, including the already-present worm. The ghastly end result, also called "Frankenmalware," poses a serious new threat to computer users and the anti-virus vendors tasked with keeping them safe.
"The combined features from both pieces of malware will inflict a lot more damage than the creators of either piece of malware intended," Bitdefender analyst Loredana Botezatu wrote.
In a study, Botezatu identified at least 40,000 "malware symbioses" in a sample of 10 million files. In one such malware sandwich, a virus, "Virtob," latched onto the "Rimecud" bank-account-stealing worm to form a super-powered monster that combines the spreading capabilities and tenacity of the worm (it propagates through file-sharing services as well as Microsoft MSN Messenger) with the virus' ability to receive commands from a remote server.
A computer infected with this malware combo "faces a twofold malware with twice as many command and control servers to query for instructions," Botezatu said. "Moreover, there are two backdoors open, two attack techniques active and various spreading methods put in place. When one fails, the other succeeds."
Malware powerhouses also have the advantage of being able to better avoid anti-virus software; if one is caught, often the other goes undetected.
Web surfers can lower their chances of falling victim to a Frankenmalware attack by running anti-virus and anti-malware software on their computers, and being careful not to download any suspicious files from untrustworthy sites.