Mutating viruses are nothing new, they are used to infect machines in a way that can’t be stopped by traditional anti-virus software. The problem comes in with a new report from Softwin, the Romania based anti-virus software company that makes BitDefender, that says they have found multiple instances of computers being infected by worms that have previously been infected by a virus. They consider it a new “Frankenstein piece of malware” that has the potential to cause a lot of damage.

For those who perhaps don’t know a lot of viruses and worms, a worm is usually an executable file while a virus infects executables. The inevitable problem arises when a virus infects the executable that a worm resides in.

Fortunately, the researchers at BitDefender have no evidence at this point that the new super virus is any worse than a traditional virus. The concern is that worms are better at moving through systems, so a virus attached to a worm will have an easier time moving through a system.

The research team found 40,000 instances of the mutated malware out of a sample of 10 million files. One example was a virus designed to create back doors for hackers infected a worm that steals passwords. Their combination resulted in a mutation that could steal passwords while simultaneously creating a backdoor for the hacker to access the stolen information.

PhysOrg brings up an interesting point in that a virus’ main goal is to cause destruction. So in theory, a virus should destroy whatever it infects including the worm. The researchers never addressed this, but there’s a possibility that the virus could destroy the worm before it does any damage.

The researchers say that the combination of the two malware types was unintentional. The issue raised now is that hackers know it’s possible to combine the two. If it does occur, it could “pose a very serious threat to computers and networks the world over.”

For more examples of how this new super virus can destroy your computer, check out an expert analysis here.

So the latest security bug in Firefox as reported by PC World seems more urgent than most. We all understand that nothing is truly secure on the Internet but we also like to think that there are not glaring vulnerabilities in the tools we use on a daily basis. As the PC World article states:

The attack code, written by security researcher Guido Landi was published on several security sites Wednesday, sending Firefox developers scrambling to patch the issue. Until the flaw is patched, this code could be modified by attackers and used to sneak unauthorized software onto a Firefox user’s machine.

Mozilla’s Director of Security Engineering is calling this a critical issue and a fix is scheduled to be rolled out with a version update at the start of next week. These developers are calling this fix and the release of this update a “high priority firedrill security update”. Not sure about you but that kind of language sounds a little creepy.

No operating system that runs Firefox is spared on this one either including Mac OS and Linux users. Essentially the bug allows someone to plant a “drive-by download” of software by tricking a user into viewing an XML file that starts the process. This was also a public release of the hack so it makes it even more uncommon.

The PC World article doesn’t wrap up with any words to make us feel any more secure though.

While the public release of browser attack code doesn’t happen all that often, security researchers don’t seem to have much trouble finding bugs in browser software. Last week, two hackers at the CanSecWest security conference dug up four separate bugs in the Firefox, IE and Safari browsers.

Maybe these things seem bigger in light of the bad economy because these types of concerns are every day events on the Internet. When times get bad, however, crime goes up historically and now there are more avenues for a new breed of criminal using technology to carry out their plans. Something tells me this may get a lot worse before it gets better.

Comments

The complete results:

30. Anti retroviral treatment for AIDS [Health Care]
29. SRAM flash memory [Electronics]
28. Stents Health [Care]
27. ATMs [Finance]
26. Bar codes and scanners [Retail]
25. Bio fuels [Biotechnology]
24. Genetically modified plants [Biotechnology]
23. RFID and applications (e.g. EZpass) [Electronics]
22. Digital photography/videography [Electronics]
21. Graphic user interface (GUI) [Computer Science]
20. Social networking via internet [Media]
19. Large scale wind turbines [Energy]
18. Photovoltaic Solar Energy [Energy]
17. Microfinance [Finance]
16. Media file compression (e.g., jpeg, mpeg, mp3) [Computer Science]
15. Online shopping/ecommerce/auctions (e.g., eBay) [Information Technology]
14. GPS Systems [Electronics]
13. Liquid Crystal Displays [Electronics]
12. Light emitting diodes (first real devices in 1960s; in products in mid-70s) [Electronics]
11. Open source software and services (e.g., Linux, Wikipedia) [Media]
10. Non-invasive laser/robotic surgery (laparoscopy) [Health Care]
9. Office software (Spreadsheets, word processors) [Computer Science]
8. Fiber optics [Telecommunications]
7. Microprocessors [Computer Science]
6. Magnetic resonance imaging (MRI) [Biotechnology]
5. DNA testing and sequencing/Human genome mapping [Biotechnology]
4. E-mail [Computer Science]
3. Mobile phones [Telecommunications]
2. PC/laptop computers [Computer Science]
1. Internet/broadband/WWW (browser and HTML) [Telecommunications]

Comments

A Trojan injected into sites favoring Tibetan independence from China targeted visitors with a specially crafted download. Security vendor McAfee said the affected websites hosting this Trojan were probably hijacked to place infected web pages in view of browsers.

Once in place, the Trojan, which they dubbed Friebet, grabs software from remote servers that makes the co-opted machine capable of accepting SQL statements and executing them against other machines.

The Friebet malware can try several options to gain access to the databases backing other servers, according to McAfee:

• Bind and connect to local or remote databases from the victim machine

• Query and steal data from local or remote databases
• Insert arbitrary data into local or remote databases, including web data such as hosting a web exploit

Though web application developers may have safeguards in place against common SQL injection attacks, Friebet is a more direct attack against a backend database. Administrators should review protections for databases to ensure such malicious connection attempts cannot succeed.