Malware is able to infect other malware and in some cases make it easier for anti-virus software to detect, an incident response investigation by data-security firm Trustwave Spiderslabs has discovered.
The research looked at two pieces of suspect malware – a variant of the Sality Trojan virus and a malware designed to steal banking information – and discovered that once Sality was added to the system, it infected the banking malware along with everything else, meaning that one piece of malware was infected by another.
"While it is not uncommon to find multiple, unrelated malware samples on a compromised host, the actual infection of one sample with another is not seen very often," director of security research at Trustwave SpiderLabs Ziv Mador told Computing.
And while the Sality Trojan is detected by the majority of anti-virus products, it's more difficult to discover the more specifically targeted banking malware.
"Highly targeted malware is crafted to evade anti-virus and due to its limited distribution, AV [anti-virus] companies are unlikely to ever capture these samples in the wild," explained Mador.
"To prevent detection by AV, malware authors have a number of third-party services available to them that emulate the Multi-AV scanning. The authors can tweak the malware until it no longer matches any signatures or heuristics of known malware."
However, the banking malware was discovered by anti-virus software after being infected by Sality Trojan due to its dominant nature after the malware-on-malware attack. Still, no computer user wants to be the victim of an attack, and Mador offered some advice on how to prevent systems being infected by any malware.
"Identify vulnerabilities that lead to initial infection as well as testing to discover other vulnerabilities that might allow the attacker to get their foot in the door. Network segmentation, log analysis, and reducing unnecessary access permissions are additional steps to help mitigate future attacks," he said.