Vobfus Worm & Beebone Downloader Trojan
Vobfus and Beebone are a combined worm and downloader trojan that use an uncommon self-perpetuating infection mechanism. First observed in 2009, they have been used to deliver other malware such as Zeus and Fareit.
Vobfus is initially delivered through phishing emails or as a download from a compromised website. Once on a device, it writes itself to all mapped network and removable drives using autorun.inf. These copies then infect any new devices they are connected to. Alongside this, Vobfus connects to a C2 server to download and install the latest version of Beebone, which in turn connects to the same C2 server and downloads any additional malware as well as the newest version of Vobfus. It is believed Vobfus and Beebone act in this manner to prevent users from fully removing all malware variants from their device; any variant that remains will begin the infection process again.
Some variants of Vobfus will exploit a Windows shortcut vulnerability known as CPLINK to execute arbitrary commands on a device.
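The autorun.inf propagation described above can be checked for on any mounted removable or network drive by listing the entries in the file that make Windows launch a program. The following Python is an added example, not code from the original advisory; the extension list and the sample file names are assumptions constructed for illustration, not Vobfus indicators.

```python
"""Flag autorun.inf launch entries on a mounted drive root (added example)."""
import sys
from pathlib import Path, PureWindowsPath

# Extensions treated as directly runnable on Windows (assumed list, tune locally).
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

# Constructed sample; the file names are invented, not Vobfus indicators.
SAMPLE = """; constructed sample
[AutoRun]
Icon=folder.ico
OPEN = "photos .exe" /q
shell\\explore\\command=tools\\view.scr
label=USB DISK
[Other]
open=ignored.exe
"""

def launch_entries(text):
    """Return (key, command) pairs from [autorun] that make Windows run something."""
    section, found = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found

def target_of(command):
    """Extract the program path from a command line, honouring double quotes."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def scan_root(root):
    """Report launch entries in <root>/autorun.inf; file name matched case-insensitively."""
    infs = [p for p in Path(root).iterdir() if p.name.lower() == "autorun.inf" and p.is_file()]
    findings = []
    for inf in infs:
        data = inf.read_bytes()
        enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
        for key, command in launch_entries(data.decode(enc, errors="replace")):
            target = target_of(command)
            suffix = PureWindowsPath(target).suffix.lower()
            findings.append({"key": key, "target": target, "runnable": suffix in RUNNABLE})
    return findings

if __name__ == "__main__":
    for finding in scan_root(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it with the drive root as the only argument; any finding with `runnable` set to true on a drive that should hold only data is worth quarantining the drive for.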
Vobfus is often downloaded by other malware, and also downloads other malware itself, including:
Affected Platforms
- Microsoft Windows – All versions

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.