
Frankenmalware: Hybrid Malware a Growing Threat

Added on Jan 30, 2012

"Frankenmalware," a hybrid created when a virus infects another piece of malware, is a new and growing security threat. BitDefender recently found that about 0.4 percent of 10 million infected files sampled contained the hybrid, and believes that this is representative of about 260,000 hybrids in the wild, according to an article at ITProPortal.

BitDefender research found the first instance of the hybrid as the Rimecud worm infected by the Virtop virus. IT analysts may be familiar with Rimecud, which spreads via file-sharing programs, Microsoft MSN Messenger, fixed drives, removable drives, and instant messaging. MalwareCity reports that Rimecud steals passwords related to online banking, shopping, and email accounts from browsers. Virtop infects executables, and by infecting the Rimecud worm it created the "Frankenmalware" threat, which has two back doors on the host computer, two different attack scenarios it may follow, and twice as many ways to avoid detection. Further, the virus infected the worm as an unintended result of its viral behavior, leading to the possibility that similar hybrid threats could go undetected in an infected system.

With this type of hybrid malware, no single defense solution is really effective, largely because the virus can infect the worm without human intervention or intent and change it so that anti-malware software potentially may not detect it. A layered security approach may provide more protection, as may selecting the "best of the best" products and services to protect against the more expected malware as well as hybrid or specialized threats. But even a layered approach to security may not offer the protection needed when it comes to new malware capable of altering itself and other worms, or of creating many and varied means of escaping detection. Combining security approaches that give protection across the breadth and depth of the enterprise may be a better approach. In other words, rather than relying on a perimeter defense alone, a defense-in-depth approach may offer the enterprise a way to identify malware and then delay it long enough to carry out a mitigation strategy or contain damage.

According to MSNBC, BitDefender found that most hybrid malware is not any more destructive than its parents, and most will "rarely work." But the evolutionary potential of malware should give IT pause to consider whether they have sufficient enterprise security in place, and to be aware that threats to the enterprise will continue their near-constant rate of change.
