All the world is a petri dish
Most of the samples seen by SophosLabs are pretty straightforward malware, be they your typical Banker Trojan, Zlob disguised as a codec installer, some flavour of removable media/autorun worm or one of the many incarnations of fake anti-virus software, to name a few.
The odd parasitic is a welcome break from the monotony, and since almost every new virus is hand-crafted they always bring with them new challenges - but what happens when multiple parasitics are allowed to reside on the same infected computer, often with an assortment of other malware? What often results is that a host is infected multiple times by different parasitic agents, and this competition can sometimes interfere with previous detection identities.
One such case has crossed my desk today where a customer has submitted a W32/Brontok-B worm infected with W32/Sality-U and this infected file was then also infected with W32/Bacalid-A. Not the most pleasant mix of malware, given that the Bacalid parasitic is a hard polymorphic and the Sality has a tendency to produce corrupted samples during infection…
Although this poses no significant issues, it does demonstrate that when multiple pieces of malware attempt to co-exist on an infected computer, some interesting ‘breeds’ of malware may arise whose behaviour consists of an overlap between the individual infections.
I thought this particular scene courtesy of xkcd put the scenario into a rather amusing light :-)
Posted on December 3rd, 2008 by Pete, SophosLabs AU. Filed under: General, Malware