Let's work together -- viruses collaborate to survive
Microsoft research has uncovered a pair of viruses that work together to make them harder to remove from infected computers. Malware researcher Hyun Choi revealed the news in a TechNet blogpost.
The Vobfus virus spreads through infected website links or via removable or mapped network drives. Once installed on a system it downloads the Beebone virus which enrols the machine in a botnet. After this the two pieces of malware work together to download the latest versions of each, making them harder to detect and remove and allowing them to maintain a presence on infected systems.
Mr Choi says, "This cyclical relationship between Beebone and Vobfus downloading each other is the reason why Vobfus may seem so resilient to antivirus products. Vobfus and Beebone can constantly update each other with new variants. Updated antivirus products may detect one variant present on the system; however, newer downloaded variants may not be detected immediately. A typical self-updating malware family that just updates itself can be remediated once it is detected, because once removed from the system it cannot download newer versions of itself. In the case with Vobfus, even if it is detected and remediated, it could have downloaded an undetected Beebone which can in turn download an undetected variant of Vobfus."
Although it was first discovered in 2009, the Vobfus virus is proving to be a persistent problem due to its close relationship with Beebone.
To avoid infection Mr Choi recommends that users exercise caution when clicking external links as well as keeping their browser and other software up to date. Because Vobfus often spreads via removable drives it may also be worth disabling the Windows autorun feature.
Have you experienced a virus infection that's hard to shift or which keeps on coming back? Let us know in the comments if you think you've fallen foul of a collaborative virus.
Photo Credit: Paola Canzonetta/Shutterstock