
Malware spotlight: Hybrid malware

Introduction

Hybrid malware, also known as combo malware, combines two or more different types of attack in one package, usually a Trojan horse or worm with adware or other malware attached. Hybrid malware can also behave like a bot, aiming to make infected machines part of a larger botnet controlled by botnet masters. Once the infected machines are connected to the botnet, the hackers can rent them out to other threat actors for their own purposes.

In addition, hybrid malware may combine a virus's ability to alter program code with a worm's ability to hide in live memory. It can also propagate without any action on the part of the user.

In his book "Malware: Fighting Malicious Code," Ed Skoudis wrote that most modern viruses fall into the hybrid category because, in addition to infecting files like a virus, they use the worm's propagation technique to spread themselves across the network.

How dangerous is hybrid malware? Why do cybercriminals create hybrid malware? What is one example of hybrid malware and what are the best defenses against it? Here is some help.

How dangerous is hybrid malware?

To understand the impact of hybrid malware, we first need to understand the damage each of its potential components can cause on its own. For example, the following malware types can be packaged together into a single attack, the hybrid malware, and we will briefly explore each of them:

  • Viruses can infect boot sectors, host files, document files (e.g., Microsoft Office, AutoCAD, DOCX files, PDFs or TXT files) and executable files using companion, appending, overwriting and prepending infection techniques
  • Worms spread across the network by exploiting vulnerabilities in an operating system. They can harm your computer by overloading (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Je2zSTn2he8/