The Virtob Evolving Virus. The Zombie Master…

In the depths of the Bitdefender Virus Labs sits trapped in their secure network a most disturbing virus. Recently discovered is a new evolutionary branch of the computer virus. A virus able to infect other types of Malwares – Trojans and Worms -, turning them into its zombie slaves. Once hybridized the new zombie is controlled by the virus, with all of the zombies functions becoming available to the controlling virus.

Bitdefender Virus Labs have observed this behaviour in the Win32.Virtob Virus. They found that the Virtob virus was able to take control of the Win32.Worm.Rimecud worm. Once in control it took advantage of the replication and transport functions of the Rimecud worm. If the worm is able to spread it then carries the Virtob virus with it, with the combined features from both pieces of malware able to inflict a lot more damage than the creators of either had intended.

In order to study the phenomenon Bitdefender Virus Lab concentrated on the Win32.Worm.Rimecud -Win32.Virtob pair. With an initial study finding that no less than 40,000 such malware symbioses out of a sample pool of 10 million files existed. The phenomenon is now being seen more often in Virus Labs around the world, possibly indicating that the creators of virus’s are now taking advantage of the zombie mechanism.

Bitdefender labs suggest that it is possible this phenomenon started as a naturally occurring process. A worm is just another file –.exe– after all. When a virus gets into a machine that is already infested with a worm, the potential for the virus to infect the worm is there. Even more disturbing is the fact that the Virtob virus seems to able to zombify many different worms. If you have a multitude of worms on your machine Virtob will turn all of them into its zombie slaves, making use of the combined functionality of its zombie hordes.

There are definite similarities between virus’s in the natural world and in the ethereal world that is the PC. Bitdefender labs are seeing new zombies appear all the time, with each new zombie having a new combination of functions. Just as with nature getting the wrong two viruses hybridized can mean trouble, with each new combination bringing unknown consequences.

The one saving grace in this disturbing tale is the fact that the new combined virus should trigger two virus definitions when encountered by your virus detection software. Also none of the observed zombie virus are yet able to work around current generation anti-virus software – Bitdefender Total Security 2012 for example -. More than a timely reminder to keep up to date and protected the new zombie viruses raise an interesting question about the nature of cyber space. Does it mean the evolution of electronic viruses are mirroring natures equivalent, or are the laws of nature leaking into cyber space?

Source: MalwareCity
Source: Bitdefender