Discuss as:

What if a virus infected a virus? 'Frankenware' spotted by security firm

What if two computer viruses got together on your computer and had a baby? 

It does happen, says security firm BitDefender, and the result is more mutant than mutt. The firm has taken to calling the third, new piece of malware produced by the odd couple — with apologies to Mary Shelley — "Frankenware." The spontaneous software offspring might be dangerously unpredictable, and it can be harder to defend against, BitDefender says.

There are so many computer viruses flying around out there that they can't help bumping into one other while wreaking havoc on our computers. In fact, virus writers account for this. In order to protect and defend a hard-won compromised computer, some virus writers actually install their own antivirus programs after they infect a PC. That way, another bad guy can't come along and hijack an already hijacked machine, said Catalin Cosoi, head of the Online Threats Lab at BitDefender, based in Romania.


But what happens when an already-infected machine is attacked by a virus that inserts code into every executable file it finds on a machine? What if a virus infects a virus?

In rare cases, says Cosoi, a third virus with unpredictable capabilities is created. But it's not that rare: His firm recently searched 10 million pieces of malicious software and found 40,000 distinct examples of this. 

"As with evolution, these things happen accidentally," he said. "The combination doesn't usually work, but sometimes it does."

It helps if the two pieces of malicious software have complementary features, he said — for example, if one is a keylogger while the other is designed with a wormlike ability to propagate quickly.

The good news is that, generally, such hybrid viruses can be easier to detect than their parents, because antivirus software that uses "signature" definitions — which identify malicious programs by looking for telltale lines of computer code — have "twice the chance" to detect the troublemaker. On the other hand, some other virus detection tools might overlook the Frankenware because the new file will be a different size from its parents, Cosoi said. 

John Harrison, a product manager with Symantec, said his firm had never found something like the Frankenware BitDefender is describing, but he did say most PCs that are successfully attacked by virus writers have multiple malicious programs on them. Generally, when a computer has a security vulnerability, the secret doesn't last long, and a hacker feeding frenzy follows.

"We've seen computers with 25 different pieces of malware on them, even more," he said. "They are often stealthy. ... By the time the user notices the PC has slowed down or there's a blue screen, it could be the 100th piece of malware." 

So the idea that two such programs could collide and accidentally create a hybrid isn't that far-fetched. But the real question is: Could such Frankenware pull a Frankenstein and wreak unexpected havoc on the real world?

Cosoi wasn't ringing any alarm bells. Virus writers do what they do for money, and this kind of random, destructive interaction wouldn't profit anyone. For that reason, he thought all the incentives in the computer underworld would probably be enough to limit such possibilities. In other words, virus writers will probably work to prevent such an occurrence because it would hurt their business.

And, most important, nothing of the sort has been discovered. The 40,000 Frankenware samples that BitDefender has found are no more dangerous than their "parents."

However, it's important to note that virus writers, even if they seem quite professional in their craft, hardly undertake rigorous product testing. Mistakes happen.

"If you throw a bunch of malware on a computer, that doesn't automatically mean it will create new malware and it rarely works," he said. "But when it does, it could be dangerous. I can see how a new kind of malware that spreads faster and is more viral than any of the two (parents) ... could turn into something more dangerous."

 Don't miss the next Red Tape:
*Get Red Tape headlines on your Facebook Wall
*Follow Bob on Twitter. 
*Get an e-mail newsletter with Red Tape stories (requires Newsvine registration).