Super-powered 'frankenmalware' strains detected in the wild

Viruses are accidentally infecting worms on victims’ computers, creating super-powered strains of hybrid software nasties. The monster malware spreads quicker than before, screws up systems worse than ever, and exposes private data in a way not even envisioned by the original virus writers. A study by antivirus outfit …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Yawn

    Antivirus vendor spreads more FEAR in order to drive more sales rather than offering free advice to keep people's systems safe.

    1. Gordon Fecyk
      Go

      Free advice is seldom cheap: Rule of Acquisition #59

      I should know. Free advice on a site I maintain cost me about C$25k over the last six years.

  2. Lockwood
    Coat

    The malware has been doubled!

    The computer might explode! And explode again!

  3. Anonymous Coward
    Anonymous Coward

    Hybrids?

    “If you get one of these hybrids on your system, you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus,” said the man who claims it can all be prevented if everyone would only apply snake oil properly, which he coincidentally can let you have some of for a small consideration.

  4. G C M Roberts

    Can we get a Beaker from the Muppets icon? I think a giant meep sounds appropriate for this kind of story.

    1. I'm Brian and so's my wife
      Boffin

      Seconded

      <---- Let's drop this icon in favour of Beaker

  5. Khaptain Silver badge
    Devil

    Security company advises that Virii are "Dangerous".

    >you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus,

    or even Death....................

    The Fear Factor gotta love it....

  6. Dr. Vesselin Bontchev
    Boffin

    Advent?!

    Malware sandwiches have been with us since the time of the Jerusalem virus (remember that one?).

    Even more interesting (but similarly not new), some computer viruses can "mate" and exchange malicious code, resulting in new, previously unknown variants. Used to happen a lot in the MacOS (that was before Apple switched to a Linux variant for the OS of the Macs, for you youngsters out there) and the macro virus world.

    But self-replicating malware (i.e., viruses) is mostly irrelevant nowadays. Most of the infections are caused by various kinds of Trojan horses (i.e., malware that does not replicate itself).

    So, I'd classify this "news" item as "yet another AV company seeking attention".

    1. Steve the Cynic
      FAIL

      Linux variant????

      MacOS X is many things, some good, some bad, but it is not a Linux variant.

      ((Check the history: it is derived via NeXTSTEP from CMU's Mach kernel, and this work pre-dates Linux by a few years. The other ingredients in the sauce are parts of FreeBSD and NetBSD.))

      FAIL icon for you, then...

      (The points made about malware itself are sound.)

    2. Destroy All Monsters Silver badge
      Thumb Up

      "the time of the Jerusalem virus"

      Jesus as Patient Zero of a new replicator meme complex?

  7. Anonymous Coward
    Anonymous Coward

    Wot no smugness?

    Where's all the Apple/Linux/BSD/Plan9/Amiga/ZX Spectrum fanbois to tell us they're immune to such nonsense and why Windows is a doomed ship?

    1. Nick Ryan Silver badge

      Smugness?

      hahaha, I remember the Amiga viruses... and these were MENS viruses, not these namby pamby information stealing bits of fluff the yung'uns of today complain about. These modern fandangled things are so busy trying to steal information that they forget to deliver trippy payload screens, randomly formatting every media unit they can find and still find time to insult you and the other virus writers.

      sheesh... the youth of today...

      1. revdjenk
        Joke

        ...and...

        if you tried to tell that to the youth today, they wouldn't believe you!

      2. adnim
        Happy

        I remember well

        The last virus infection, apart from the malware I deliberately infect vm's with was the Saddam virus on my Amiga, now that was a proper man flu infection.

        Yes you read right, I am being very smug indeed, I have not had a virus on any of my Windows or Linux boxes ever. I am very careful, although not being infallible I expect luck has a bit to do with it too.

        Famous last words.... Perhaps my bank details are on their way to China or Russia now and my machine will fail to boot tomorrow 'cos the hard disk has been formatted. Good job I back up all my important and personal data in plain text to the cloud.

        1. 437T

          No virus... that you know of.

          "I am being very smug indeed, I have not had a virus on any of my Windows or Linux boxes ever."

          That you know of.

          They don't exactly advertise their presence these days.

    2. Anonymous Coward
      Anonymous Coward

      @AC 12:26GMT - No time for that! We're all busy running AV scanners on our Linux/Unix/*BSD/MacOS X machines to search for Windows viruses. (Guffaws all around, keyboards soaked with coffee and so on).

      Sorry but you asked for it!

  8. Ken Hagan Gold badge
    FAIL

    "BitDefender doesn't have historical data to go on."

    "All of the malware hybrids analysed by BitDefender so far have been created accidentally."

    "BitDefender carried out its study after finding a sample of the Rimecud worm that was infected by the Virtob file infector."

    Erm, so BitDefender have made the "discovery" that viruses infect files and the separate discovery that (on an infected machine) some of those files will be other viruses or worms. Furthermore, they apparently *haven't* made the discovery that usually this is done on purpose. (Modern malware generally combines several different strategies to maximise the chances of success. Even in the popular press, virus descriptions generally make this point.)

    So in the absence of any clue, or historical data, they are announcing that the sky is falling. Sheesh! Even by the standards of AV press releases, this one is pretty lame.

  9. Michael H.F. Wilkinson Silver badge
    Joke

    What?

    Nobody has welcomed our Frankenmalware chimeric worm-virus overlords?

    I am astonished!!

  10. Brewster's Angle Grinder Silver badge
    Boffin

    The real danger is exponential explosion

    According to the linked post, hybrids have *different* signatures to their progenitors. So, suddenly, instead of N signatures, the database has to store N(N-1) signatures. And, presumably, the only way to calculate them is either to produce the hybrid in the lab or to locate it in the wild. So, even after a signature is released, there might be a window when no signature exists for viable hybrids.

    And then, I suppose, there's a chance the hybrid can be infected by another piece of malware. How far will it go O(N^3), O(N^4)? How big does the database have to become? How long does it take to produce all the signatures? There *is* a danger here. And I rely on the "snake oil" to protect my mom/girlfriend/kid from being infected. So let's hope virus writers don't start coding with this in mind, or what we call "malware" might become genes in the first piece of artificial life. But for the moment, I won't be losing any sleep.

    1. Anonymous Coward
      Anonymous Coward

      re: How big does the database have to become?

      I don't think it will take much more to detect a hybrid than to detect its component parts - it will still retain the characteristics of these. AIUI the threat is more about the increase of available infection vectors, which might allow an outbreak to spread faster and further.

    2. Steve Knox
      Boffin

      "According to the linked post, hybrids have *different* signatures to their progenitors."

      No, according to the blog post, a hypothetical situation may occur where AV software disinfects the latest infection, leaving the file with the previous infection(s), but due to a weakness in the disinfection process, the previous infections no longer have the original signature.

      This is a) hypothetical only, b) more indicative of a flawed disinfection process than a new danger posed by malware hybrids, and c) not likely to produce an N(N-1) situation because the signature modification happens in the disinfection process, not the infection process. So the more likely number of signatures required would be N(F) where F is the number of distinct (i.e., producing different artifacts) flawed disinfection routines. And the solution is to fix the disinfection routines.

  11. Anonymous Coward
    Anonymous Coward

    Which platform?

    On which platform/operating system is this? Windows? Another reason to deinstall it.

    1. Anonymous Coward
      Anonymous Coward

      re: Which platform?

      Probably the most common one, because that's the one that provides most potential for proliferation. Simples.

  12. revdjenk
    Megaphone

    There, fixed it for you -

    Viruses are accidentally infecting worms on victims’ Windows computers,

    1. Dave Cradle

      Didn't need fixing.

      It didn't need fixing since Windows is ubiquitous. A few niche or hobby OSes don't count.

      Now I don't believe that, but I thought I'd give you a sample of what ignorant, patronising shite coming towards you was like rather than radiating away from you as per the norm.

  13. Stephen Sherry
    Facepalm

    This is a new thing?

    Umm, this has been going on for a long time, but not put into these exact words... Most malware infections include a combination of rootkits, trojans, and other variants of malware by the time many users bring their systems to the shop. If they can get infected, and not break the PC, then they technically work together. Much like sometimes you can have 2 antiviruses on a computer and have it not break Windows, you don't call that Mega-protection. The fact people are pointing out the fact malware can combine if they don't break each other seems kind of strange to me on an IT site. It would make some kind of sense on the mainstream media, because they are about 5-10 years behind reality when it comes to technology and science.

    But don't listen to me, just a filthy peasant :P

  14. Destroy All Monsters Silver badge
    Meh

    http://en.wikipedia.org/wiki/Core_War

    I think it is extremely unlikely that successful hybrids will be created accidentally. This is not a large physically grounded system with high parallelism. Here, we have a few thousands computers in which "hybridized code" implies higher success at crashing & burning, not at hiding, surviving and infecting.

    As to why anyone would develop such a thing knowingly ... beats me. Why not just pack everything into a known correct package?

  15. Jop
    Mushroom

    If im not mistaken

    An AV using heuristics should spot the first virus on the system and also the second. For the same reasons it would detect the hybrid too.

    On an AV not using heuristics that looks for strings/identifiers, it should spot both individual viri. A hybrid of the two should still have the identifying marks of the second virus to infect the first, so would still be identifiable as long as the AV has the definition for it.

    So the result is no different from having 2 different viri on your computer. They are not giving the other viri any extra features or spreading any of the code of each other. It is not parasitic in any way. It would have to be coded to be parasitic and use the code of another infection.

    The only thing I can see is that one virus may stay hidden due to double encryption of a file by the second virus but this should be spotted at run time. In any case the AV should catch the first virus anyway.

    Am I missing something?

    1. Ken Hagan Gold badge

      Re: Am I missing something?

      Dunno, to be honest, since I don't write AV code. But I can speculate.

      Heuristics are unreliable, so a system based on heuristics needs lots of ticks on its check-list before it dares to flag a program as a virus. Therefore, small changes in behaviour may well be enough to get past heuristics, unless the heuristics are cranked up to Total Paranoia mode, in which case the heuristics probably start flagging up the OS as a virus. (Guess: this is already happening and is the real reason behind the occasional tendency of some AV offerings to brick Windows systems.)

      Signatures similarly can't afford to be too short, or else legitimate applications will, by chance, have the same sequence of instructions. Almost any modification, and that certainly includes patching by another virus, might be enough to invalidate signature-based checks, possibly even for both viruses.

      On the other hand, this is not a new phenomenon. It has *always* been possible for one virus to infect another. Therefore, I think we already know how effective AV software will be, because it already *is* dealing with this problem.
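A toy model of the signature trade-off described in this reply (a signature too short matches benign files by chance; an in-place patch by a second infector defeats an exact signature, while a masked one survives), added here as an example that is not part of the thread or of any AV product. The byte strings, marker, offsets and the "infector" payload are all constructed for illustration.

```python
import random

# Toy model of signature scanning, added to illustrate the two points above.
# Every byte string here is constructed for the example; nothing is real malware.

def scan(data: bytes, sig: bytes) -> bool:
    """Exact byte signature: matches only if every byte of the pattern is intact."""
    return data.find(sig) != -1

def scan_masked(data: bytes, sig: bytes, mask: bytes) -> bool:
    """Masked signature: positions with mask 0x00 are wildcards (cf. '??' in YARA hex strings)."""
    n = len(sig)
    for i in range(len(data) - n + 1):
        if all((data[i + j] ^ sig[j]) & mask[j] == 0 for j in range(n)):
            return True
    return False

def chance_hits(sig_len: int, file_len: int, files: int, seed: int = 1) -> int:
    """Count how many random 'benign' files match a random signature purely by chance."""
    rng = random.Random(seed)
    sig = rng.randbytes(sig_len)
    return sum(scan(rng.randbytes(file_len), sig) for _ in range(files))

# Constructed stand-in for a worm body with a recognisable marker, and the
# exact signature a scanner might extract from it (hypothetical values).
WORM = b"\x90" * 16 + b"WORM-MARKER-v1" + b"\x90" * 16
SIG = b"WORM-MARKER-v1"
INFECTOR = b"\xcc\xcc"  # two-byte stand-in for code a second infector writes

def infect_append(host: bytes, payload: bytes) -> bytes:
    """Appending infector: the host's own bytes are left untouched."""
    return host + payload

def patch_in_place(host: bytes, offset: int, payload: bytes) -> bytes:
    """Overwriting infector: bytes of the host are replaced where the payload lands."""
    return host[:offset] + payload + host[offset + len(payload):]

def demo() -> dict:
    appended = infect_append(WORM, INFECTOR)
    patched = patch_in_place(WORM, 20, INFECTOR)      # lands on marker bytes 4 and 5
    # An analyst who knows those two bytes vary would wildcard them in the signature.
    mask = bytes(0x00 if i in (4, 5) else 0xFF for i in range(len(SIG)))
    return {
        "exact_after_append": scan(appended, SIG),              # True: host intact
        "exact_after_patch": scan(patched, SIG),                # False: two bytes changed
        "masked_after_patch": scan_masked(patched, SIG, mask),  # True: wildcards absorb the patch
        "one_byte_sig_false_positives": chance_hits(1, 4096, 100),   # 100 of 100 files
        "four_byte_sig_false_positives": chance_hits(4, 4096, 100),  # essentially 0 of 100
    }
```

The last two entries show why signatures are kept long (every 4 KiB file contains any given single byte), and the patch case shows the price of that length: one overwritten byte in the pattern and the exact match is gone.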

    2. CPC
      Facepalm

      Dear Miss Taken

      you assume that the muppets getting infected are running AV or even have a clue

  16. brainwrong
    WTF?

    breeding?

    If different software can breed then why hasn't linux bred with windows to create a robust OS with a graphical frontend that can run more than just a few half-written apps?

    - a disappointed linux user.

    1. Anonymous Coward
      Anonymous Coward

      @brainwrong - Stay with your Windows then and be happy!

      We, the non-Windows users, do not want any of the Windows malware, WGA checks and compulsory registration included.

    2. Ken Hagan Gold badge

      Re: breeding?

      Read your Dawkins, brainwrong. Breeding is a *random* mixture of parental genes. The result is likely to be a non-robust OS that no-one can use: Ubuntu with Unity/HUD. For what you've asked for, you need intelligent design.

  17. hb_decoupler
    Mushroom

    AAHHH!

    IT'S HACKED MY INTERNET AND HAS CONTROL OVER MY FIREWALLS!

  18. min

    something tells me that breeding Linux and windows will produce one fugly Mule.

    1. Anonymous Coward
      Anonymous Coward

      @min - I believe it will rather produce this instead

      Linux Genuine Advantage (just Bing for their website)

  19. Colin Millar
    Headmaster

    on the other (more realistic) hand

    Computers riddled with multiple malware are probably already so compromised that there is nothing left to hack

    memo to BitDefender - viruses do not "accidentally" infect other files unless you are using the word "accidentally" in its little-known alternative meaning of "deliberately"

  20. laird cummings
    Boffin

    Sounds familiar...

    "Goodtimes will give you Dutch Elm disease. It will leave the toilet seat up. It will make a batch of Methamphetamine in your bathtub and then leave bacon cooking on the stove while it goes out to chase neighborhood children with your new lawnmower."

    Yeah. I thought as much.

    1. multipharious

      Goodtimes! :)

      Dude, thanks for the chuckle and the bit of nostalgia. The original email had me about crying on the floor after half a decade of "warnings."

      1. laird cummings
        Happy

        I was once a regular correspondent with George Smith of the Crypt Newsletter and Rob Rosenberger of Virus Myths. I picked up a pretty jaded attitude towards software security companies. Yes, they have a product and a need for it too, but they're strongly motivated to spread fear and misunderstanding.

        The "goodtimes/badtimes" letter made me giggle like a lunatic. :)

  21. multipharious

    Wait a second...

    Isn't this just two infections on the same machine? I mean the code from one is not inserting itself into the code of the other and then infecting new machines using the new capabilities in an intentional way is it?

  22. Anonymous Coward
    Anonymous Coward

    Sounds like nobody had heard of polymorphic and multipartite viruses oh, I don't know, 20 years ago?
