Sign up for our newsletter
Technology / Cybersecurity

Microsoft detects symbiotic malwares which help each other to survive

Microsoft researchers have detected a pair of computer malwares known as Vobfus and Beebone, which work in a symbiotic relationship with each other and avoid being detected by anti-virus software.

The research revealed that if one of the malwares gets detected and destroyed by some anti-virus software, the second would automatically download another version that may go undetected.

Microsoft researcher Hyun Choi said that Vobfus is a Visual Basic malware compiled either in p-code (pseudo code) or native code.

"Based on our observations, Beebone variants then download other variants of Vobfus, creating an infection cycle that means where you see one of these families, you’ll often see the other," Choi said.

White papers from our partners

"Updated antivirus products may detect one variant present on the system; however, newer downloaded variants may not be detected immediately.

"A typical self-updating malware family that just updates itself can be remediated once it is detected, because once removed from the system it cannot download newer versions of itself."

Once the system gets infected, the viruses would report back to the command and control servers (C&C) and start downloading other viruses, and also allow hackers to take over a machine.

"This cyclical relationship between Beebone and Vobfus downloading each other is the reason why Vobfus may seem so resilient to antivirus products," Choi added.


This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.