Pair Of Computer Viruses Working Together To Resist Antivirus Software
There are some types of computer viruses that prove to be difficult to remove even if they attack alone. However, things could get more challenging if two viruses work together to attack a computer, and this is what Microsoft’s recent research has just found.
According to Hyon Choi of Microsoft’s Malware Protection Centre, they have discovered that the viruses called Vobfus and Beebone work closely together to resist most antivirus programs. The two are able to do this by regularly downloading updated versions of their malware partner. Because most antivirus programs are not familiar with the novel versions, the malicious programs are able to persist undetected. As such, when a computer is infected with these sophisticated viruses, it is easier for thieves to take control of the machine to mine for important data, send spam, or to be used to attack other machines.
A look at Vobfus and Beebone
Vobfus and Beebone are forms of malware virus referred to as a downloader. When they attach themselves to a PC, they immediately report back to a command and control servers (C&C) and proceed downloading other viruses. According to Choi’s blog, they have recently discovered that Beebone is downloading a number of Trojans in addition to Vobfus. The Trojans include Zbot, Fareit, Nedsym and Cutwall.
How they work
Vobfus is usually the first to arrive on a computer. It acts like a worm by using different tactics to infect PCs. It can be installed through links on websites; travel through network links to other machines; or even lurk on removable drives like USB flash drives, and eventually infect the machines they are plugged into. Vobfus may also replicate itself on removable drives and disguise itself with different file names, such as “password.exe,” “porn.exe,” or “secret.exe.”
Once Vobfus is installed, it will eventually spread out to other drives and automatically downloads Beebone. After this, the two start to work together by regularly downloading new versions of their partner. Even if an antivirus detects Vobfus and removes it from the system, it is likely that it has already downloaded an undetected Beebone, which in turn can download an undetected Vobfus variant. This becomes a vicious cycle, which Choi pointed out as the reason why the viruses are resilient against antivirus products.
Choi goes on to mention that the ability of the viruses to auto-update themselves is not the only reason they are difficult to eradicate. He noted that if they infect a computer, they also install an autorun file which aid in implanting them into any disk or drive they come in contact with. As such, they easily travel from network to network, infecting computers along the way.
A word of advice
Removing Vobfus and Beebone is no easy task. However, preventing your PC from getting infected is plausible. As Choi recommends, use caution when clicking links on the Internet to avoid falling prey for malware-infected URLs. He also advises users to keep all browsers and software up to date. Likewise, it is a good idea to disable autorun features on your PC. This is because Vobfus exploits this function when it arrives through removable drives.
Betty Fulton is a writer for several years and has written a number of insightful posts about a wide variety of topics, though she considers technology and social media as her favourites. Currently, she is a regular contributor for PC Doctor, a company providing laptop repair in Edinburgh.