AfterDawn: Tech news

BitDefender: 'Frankenware' mutant virus now in the wild

Written by Andre Yoskowitz (Google+) @ 29 Jan 2012 20:29 User comments (15)

BitDefender: 'Frankenware' mutant virus now in the wild According to security firm BitDefender, there are numerous "frankenware" viruses in the wild, viruses that have mutated with other computer malware.
The new software is "dangerously unpredictable" and can be very hard to defend against, notes the firm.

Says Catalin Cosoi, head of the Online Threats Lab at BitDefender: "As with evolution, these things happen accidentally. The combination doesn't usually work, but sometimes it does." After searching through 10 million pieces of malicious software and code, the labs says it found 40,000 "frankenwares."

Usually, the mixture occurs when the two malwares have complementary features, like for example, "if one is a keylogger while the other is designed with a wormlike ability to propagate quickly." Because most anti-virus programs use signature definitions, the new hybrids are generally easier to detect. However, since the mutants have different file sizes then their creators, some detection tools may completely miss them.

Rival Symantec says they have not seen anything "of the sort."

Previous Next  

15 user comments

129.1.2012 23:58
Yiddish
Unverified new user

whatever the software, let it be, if we choose the right antivirus all malwares will be vanished, do try right antivirus like avast,comodo...

cheers
yiddish,the comodo user

230.1.2012 0:24

Quote:
Says Catalin Cosoi, head of the Online Threats Lab at BitDefender: "As with evolution, these things happen accidentally. The combination doesn't usually work, but sometimes it does."
Being a software developer who is unimpressed with the aforementioned theory, I can chuckle at this statement on two different levels. :-P

330.1.2012 0:40

Computer viruses that mutate on their own is a very real possibility.....Remember that REAL viruses use RNA as code which is somewhat equivalent to binary computer code in the digital world...All it takes is for an evil genius to come up with the right code and set it loose....

430.1.2012 1:01

Quote:

Rival Symantec says they have not seen anything "of the sort."
Of course they didn't find anything. They never do

530.1.2012 2:55

Socking Norton (Symantec) haven't heard about this! /sarcasm
... It's like McAffee saying they've never heard of it either!


Carpe Noctem

630.1.2012 12:07

Sounds like another amoral attempt to sell bad software. Kind of like using scare tactics to sell ladies tasers or pepper spray by scaring the hell out of them with rapists around every corner stories/tactics.

God forbid some tries to be proactive with something for once. No, no, let's be re-active with it; that way we can "control" it! Then they have no choice but to continue to come to us time & time (repeated over & over again, while drooling uncontrollably) again and we can charge them anything we want and as much as the market will bare.

Feel free to apply that last paragraph to any out of control corporate, greed machine, business model you choose.


730.1.2012 14:38

While I HATE McAfee and just plain don't like Symantec, like other A/V companies, they find their fair share of legit stuff so the smack talking about them "not finding anything ever" is meritless. Been in IT for 14 years so I know what I'm talking about.

Now, in all reality, Symantec deals is R&D so them not knowing ANYTHING about this seems either disconcerting or sketchy.

830.1.2012 15:20

Originally posted by hearme0:
While I HATE McAfee and just plain don't like Symantec, like other A/V companies, they find their fair share of legit stuff so the smack talking about them "not finding anything ever" is meritless. Been in IT for 14 years so I know what I'm talking about.

Now, in all reality, Symantec deals is R&D so them not knowing ANYTHING about this seems either disconcerting or sketchy.
Not trying to start an argument, so let's not start throwing the plumage out, I'm just going to state that the bulk of A/V companies (except to agree w/ you on that McAfee) are pretty good at detecting most things, but that is indeed their job isn't it?

And as far as R&D is concerned, shouldn't they be doing something? Otherwise too much playing catch up & you'll lose all credibility with your customers.

I'm not saying this has any bearing on your experience whatsoever... but you have to admit to a degree that whether the frankenboner-virus (whatever the hell it is), whether it exists or not, is an interesting concept, has the plausibility to exist & now that someone has put the idea out there some asshole will probably use his thick brain & small peter to make it actually come to fruition?

Kind of puts that Möbius strip/circle into that circle we call 'life'.

930.1.2012 16:07

Originally posted by ivymike:
Computer viruses that mutate on their own is a very real possibility.....

That's not exactly what's happening here. The malware isn't "mutating" so much as it's getting mixed up with other malwares. And malware, like any software is simply a set of instructions written by a programmer for a computer to follow. It technically can't even spread itself "on its own". It must be executed either automatically or manually. If someone writes a program designed to send data (including itself) to other computers and another person writes a program that puts itself in the area to be copied, then when the first program executes, the second program will get sent along with the payload. It's ultimately not that different than when a person copies his Firefox profile to another computer and all the extensions get copied along with it. But it's much more attention-grabbing when paired up with a mental image of Frankenstein's monster. ;-)

101.2.2012 10:16

Originally posted by LordRuss:
Originally posted by hearme0:
While I HATE McAfee and just plain don't like Symantec, like other A/V companies, they find their fair share of legit stuff so the smack talking about them "not finding anything ever" is meritless. Been in IT for 14 years so I know what I'm talking about.

Now, in all reality, Symantec deals is R&D so them not knowing ANYTHING about this seems either disconcerting or sketchy.
Not trying to start an argument, so let's not start throwing the plumage out, I'm just going to state that the bulk of A/V companies (except to agree w/ you on that McAfee) are pretty good at detecting most things, but that is indeed their job isn't it?

And as far as R&D is concerned, shouldn't they be doing something? Otherwise too much playing catch up & you'll lose all credibility with your customers.

I'm not saying this has any bearing on your experience whatsoever... but you have to admit to a degree that whether the frankenboner-virus (whatever the hell it is), whether it exists or not, is an interesting concept, has the plausibility to exist & now that someone has put the idea out there some asshole will probably use his thick brain & small peter to make it actually come to fruition?

Kind of puts that Möbius strip/circle into that circle we call 'life'.


Wholeheartedly................AGREED

111.2.2012 10:18

Originally posted by nonoitall:
Originally posted by ivymike:
Computer viruses that mutate on their own is a very real possibility.....

That's not exactly what's happening here. The malware isn't "mutating" so much as it's getting mixed up with other malwares. And malware, like any software is simply a set of instructions written by a programmer for a computer to follow. It technically can't even spread itself "on its own". It must be executed either automatically or manually. If someone writes a program designed to send data (including itself) to other computers and another person writes a program that puts itself in the area to be copied, then when the first program executes, the second program will get sent along with the payload. It's ultimately not that different than when a person copies his Firefox profile to another computer and all the extensions get copied along with it. But it's much more attention-grabbing when paired up with a mental image of Frankenstein's monster. ;-)
Eh........"Mixed up", "Mutating". Both referencing to a "change or transition".........you say PO-TA-TO, I say PO-TAA-TO

121.2.2012 16:26

Originally posted by hearme0:
Eh........"Mixed up", "Mutating". Both referencing to a "change or transition".........you say PO-TA-TO, I say PO-TAA-TO

The first refers to a combination of existing traits; in this context, the second typically refers to the introduction of new traits not previously present. For example, I can put a three-year-old and a machine gun (neither of which are particularly lethal on their own) together in a locked room. When you combine the traits of the two (impulsiveness of three-year-old and power of machine gun) the results could be "dangerously unpredictable" just as above. However, nothing 'new' has been created that wasn't already there; it's just negligently poor planning -- something that both writers of malware and parents of three-year-olds are occasionally guilty of. :-(
This message has been edited since its posting. Latest edit was made on 01 Feb 2012 @ 16:28

133.2.2012 9:48

Originally posted by Yiddish:
whatever the software, let it be, if we choose the right antivirus all malwares will be vanished, do try right antivirus like avast,comodo...
Right! If you feel protected then good for you. The REAL threat is non-viral malware. The malicious code is is attached to an internet add. From there it imitates a legit update of an add-on to your browser.

I have a computer that when running takes all the internet band width for our network. I have removed the C: and plugged it into a different computer as a USB drive. You do that so the computer defenses are up before the drive is up. I scanned the disk with over a dozen malware scanners. They all show clean. I am looking for a back up disk that will take the computer back to day 1.

Oh the computer had and still uses both Avast and Avira in parallel.

149.3.2012 9:32

Originally posted by Yiddish:
whatever the software, let it be, if we choose the right antivirus all malwares will be vanished, do try right antivirus like avast,comodo...

cheers
yiddish,the comodo user
Even the best antivirus can only protect against what it knows about. If an antivirus is only signature based, the malware author only needs to change a single byte, in order to hide it. A better approach would be heuristics based, where the antivirus tracks the behavior of an unknown program, and allows the computer user to decide if it should run or not. But even that approach is flawed, as it involves getting the user to become more knowledgeable about computers in general, when most people don't know, nor do they care how it does things. They just want it to work.

159.3.2012 9:38

Originally posted by LordRuss:
Sounds like another amoral attempt to sell bad software. Kind of like using scare tactics to sell ladies tasers or pepper spray by scaring the hell out of them with rapists around every corner stories/tactics.

For some reason, the words "I've fallen...And I can't get up!" have begun playing in my head, and won't go away...

Comments have been disabled for this article.

News archive