Why even malware writers need anti-virus

One of the many interesting types of malware samples that we see at SophosLabs is malware that does rather more than its author intended it to do.

We will receive a sample that typically has been packed with one of a variety of commercially available packers. We then unpack the file only to find that the original file, which is maybe a Trojan-Downloader or a Backdoor program, has been infected with a file-infecting virus.

It is most likely that the author of the Downloader or Backdoor program didn’t know that his creation was carrying a parasite.

After all, a malware author won’t be running anti-virus protection. It would be a bit of an annoyance while he’s testing his programs and having a poke around with other pieces that he has in his collection.

So he won’t realise that when he runs this funky little app he downloaded from dodgy-malware-guys-r-us.org that he’s just released a nasty little pathogen like W32/Vetor-A, W32/Parite-B, W32/Virut-Gen, a member of the Looked family or W32/Bacalid-A onto his system. He then packs up his own little beastie and sends it on its way, blissfully unaware that he’s also sent the virus out with it.

Malware spreading in this way can create unpleasant complications. It’s not unheard of for aggressive network spreading worms to be infected by a parasitic virus. The worm then spreads widely across the internet, unleashing the virus onto the filesystem of the target once it has penetrated a system’s outer walls, creating even bigger headaches all round.

Moral of the story? Even malware authors need anti-virus.