Hybridized Malware Spreading?

Trend Micro has recently been encountering more hybridized malware files. These are conventional malware files (such as worms or Trojans) that have been infected themselves. Consequently, they display both sets of behaviors– those of the worm/Trojan and of the file infector.

One recent example of this type of attack involved an IRC bot detected as WORM_LAMIN.AC that was also infected by a mother file infector PE_VIRUX.AA-O.

It’s not clear if these kinds of malware were intentionally created or if they are the result of a highly infected user system. While some of these problems largely affect malware analysts (such as inaccurate detection names), the biggest issue for users is how it affects cleanup. An incomplete clean operation could lead to the creation of a damaged variant of the malware, which might allow them to evade detection by security software.

If this were deliberate, however, it could be an effective tactic that cybercriminals can use to increase the effectiveness of their attacks. Both groups–those behind PE_VIRUX and WORM_LAMIN, respectively–benefit.


Leave a Reply