Morphing Malware Misery

A shapeshifting piece of malware called Beebone, which at one point changed its identity 19 times a day, has been beaten, it seems.


“Beebone is highly sophisticated. It regularly changes its unique identifier, downloading a new version of itself, and can detect when it is being isolated, studied, or attacked.”

Raj Samani, Intel Security’s chief technology officer, explains to the BBC.

Operation Beebone was set up to combat the malware by the Joint Cybercrime Action Taskforce, an EU initiative against cross-border internet crime, and also involved the FBI.


Shapeshifters


Mark James, ESET security specialist, explains why shapeshifting malware can be so dangerous.

“The problem with malware that adapts and changes is that it’s obviously much harder to detect.

“If we know what it does, how it does it and what it looks like then traditional signatures or behaviour analysis will often do its job.

“For malware that shapeshifts we need to know a lot more about it to enable us to detect not only the original files but also the many strains and variants that can manifest themselves at will.

“All this work costs resources and will have an impact on system resources from both the malware and the antivirus trying to find and deal with it.”


Nail in the coffin


The final nails in the coffin seem to have come from “sinkholes” into which “traffic meant for specific IP addresses is redirected from suspected criminal-controlled sites to the investigating authorities.”

As a result the taskforce now believes that they’ve shut down Beebone, providing that infected users remove the little blighter.

It’s obviously fantastic news that such a prodigious piece of malware is being dealt with, but are there others like it in the wild?

“Many different forms of malware will mutate. Malware like any other software has to adapt to today’s modern standards and benign malware just won’t cut it,” Mark explains.

Subscription services and mutating malware are part of the norm these days and are needed to avoid detection.

“You often find that malware will actually download other malware to try and stay undetected and resident on your machine.”

After all, remaining undetected is the most important aspect of a sophisticated piece of malware: if it’s found then it’s removed, so subtle tinkering that stays hidden is preferred to stamping through a system and quickly being dealt with.

What can you do to better defend yourself against this shapeshifting threat? Surprise, surprise, get yourself some antivirus (perhaps give ESET a try) and keep it up to date, along with other programs commonly used like Java, Flash and your OS of choice.

“We have to adapt our methods and software to keep up with malware and we are continually developing new techniques to combat the ever-evolving landscape of malware and its many variants.”


Have you had to remove Beebone from your system? Have you checked?

Image source: Witterung on Deviant Art.