Recent encounters with hybridized malware files have left Trend Micro researchers wondering whether they were designed that way or are just an undesirable side effect of heavily infected systems.
To demonstrate how both pieces of malware may benefit from the symbiosis, they took as an example a recently detected attack involving an IRC bot (WORM_LAMIN.AC) infected by a mother file infector (PE_VIRUX.AA-O).
Because of PE_VIRUX’s polymorphic nature, WORM_LAMIN.AC might be harder to detect. WORM_LAMIN.AC returns the favor by spreading PE_VIRUX. Together they change user and system security settings in a way that makes it easier for them to remain undetected, and payloads carried by both are delivered.
I guess that, in the end, it doesn’t matter that much how this hybridized malware came to be. Either way, it’s likely that its appearance will spark other malware developers to try that novel approach.