Pair of PC viruses help each other survive
Two computer viruses that collaborate are proving hard to clean from infected PCs, Microsoft research suggests.
The pair of viruses foil removal by regularly downloading updated versions of their malware partner.
The novel versions are usually unknown to anti-virus programs which let the malicious programs persist.
Once present on a PC, the viruses let thieves take over a machine so it can be mined for saleable data or used to send spam or to attack other machines.
The close relationship between the two viruses was revealed in a blogpost by Microsoft malware research Hyun Choi.
Mr Choi said that the two Windows viruses, known as Vobfus and Beebone, were regularly found together. Vobfus was typically the first to arrive on a machine, he said, and used different tactics to infect victims. Vobfus could be installed via booby-trapped links on websites, travel via network links to other machines or lurk on USB drives and infect machines they are plugged into.
Once installed, Vobfus downloaded Beebone which enrolled the machine into a botnet - a large network of infected machines.
After this, said Mr Choi, the two start to work together to regularly download new versions of their partner in cybercrime.
This, he said, was a powerful mechanism that helped it keep a foothold on infected machines.
"In the case with Vobfus, even if it is detected and remediated, it could have downloaded an undetected Beebone which can in turn download an undetected variant of Vobfus," he said.
"The two threat families are intrinsically related," wrote Mr Choi, adding that the "cyclical relationship" had helped Vobfus become a persistent problem since 2009 when it first appeared.
Defeating the two viruses was tricky, he said, because Vobfus was so good at travelling via networks. As well as keeping software up to date he recommended disabling the "autorun" feature on Windows machines as Vobfus exploits this when it arrives via USB drives. In addition, he said, people should be wary of clicking links on external websites to avoid falling victim to booby-trapped URLs.